Facebook Paying Teens $20/Month to Install Data Harvesting VPN App on iPhones

Apple in August 2018 forced Facebook to remove its Onavo VPN app from the App Store, because Facebook was using it to track user activity and data across multiple apps, something that violate's Apple's ‌App Store‌ policies.

As it turns out, Facebook has found an underhanded way to skirt Apple's rules and get people to continue installing its VPN -- paying them.


TechCrunch this afternoon exposed Facebook's "Project Atlas" program, in which Facebook paid people -- adults and teenagers -- to install a "Facebook Research" VPN that is similar to the Onavo VPN app.

As of 2016, Facebook has been secretly offering people aged 13 to 35 up to $20 per month along with referral fees to sideload the Facebook Research app using an enterprise certificate on iPhone. Enterprise certificates like this are designed to allow companies to distribute internal corporate apps and give full root access to a device.

To hide its involvement, Facebook has been using beta testing services like Applause, BetaBound and uTest to recruit participants to install Facebook Research.

By getting people to sideload an app this way through an enterprise certificate, Facebook has access to data that includes private messages in social media apps, chats from instant messaging apps (including photos and videos), emails, web searches, web browsing activity, and ongoing location information. It's not clear if Facebook is accessing this data, but it could, according to security researcher Will Strafach, who TechCrunch consulted for this piece.

"The fairly technical sounding 'install our Root Certificate' step is appalling," Strafach tells us. "This hands Facebook continuous access to the most sensitive data about you, and most users are going to be unable to reasonably consent to this regardless of any agreement they sign, because there is no good way to articulate just how much power is handed to Facebook when you do this."

The terms of service for the Facebook Research app suggest Facebook was collecting information about the smartphone apps on a participant's phone and how and when those apps are used. Facebook also said it would collect data about activities and content within the apps, and information about internet browsing history. There's even a line suggesting Facebook collects data even when an app uses encryption or from within a secure browser session.

Facebook confirmed the program in a statement provided to TechCrunch and reportedly said that the Facebook Research app was "in line with Apple's Enterprise Certificate program," though that does not seem to be the case based on Apple's Enterprise Certificate policy.

"Like many companies, we invite people to participate in research that helps us identify things we can be doing better. Since this research is aimed at helping Facebook understand how people use their mobile devices, we've provided extensive information about the type of data we collect and how they can participate. We don't share this information with others and people can stop participating at any time."

Apple has been made aware of the issue, but declined to provide a comment to TechCrunch. It's not clear how the Cupertino company will handle the situation, but as TechCrunch points out, Apple CEO Tim Cook has been highly critical of Facebook and its privacy violations. Apple could potentially block the Facebook Research app or revoke Facebook's permission to distribute internal apps entirely.

Full details on Facebook's spying app can be found in TechCrunch's exposé.

Top Rated Comments

(View all)
Avatar
18 months ago
Facebook is garbage.
Score: 42 Votes (Like | Disagree)
Avatar
18 months ago
What moron sells all their personal data for at most $20/month. Good lord people are dumb.
Score: 35 Votes (Like | Disagree)
Avatar
18 months ago
Wow, when will people realize how truly evil Facebook really is.

Apple should make an example of them and ban their app, at least temporarily.
Score: 34 Votes (Like | Disagree)
Avatar
18 months ago
Mark, Mark, Mark, Mark, Mark. Do you even know what the "P" in VPN stands for? Private. You've made a data-harvesting virtual private network. That doesn't compute!

Score: 27 Votes (Like | Disagree)
Avatar
18 months ago
facebook should be paying me $20/month to use Facebook at all for the amount of $$$ they made off of my data.
Score: 24 Votes (Like | Disagree)
Avatar
18 months ago
I am sick of these companies and all this garbage they are pulling! Especially, Facebook.
Score: 22 Votes (Like | Disagree)

Top Stories

Apple Releases macOS Catalina 10.15.5 With Battery Health Management Features, Fix for Finder Freezing

Tuesday May 26, 2020 1:59 pm PDT by
Apple today released macOS Catalina 10.15.5, the fifth update to the macOS Catalina operating system that was released in October 2019. macOS Catalina 10.15.5 comes two months after the launch of macOS Catalina 10.15.4, which introduced Screen Time Communication Limits. macOS Catalina 10.15.5 is a free update that can be downloaded from the Mac App Store using the Update feature in the...

Leaker Shares Details on 'iPhone 13' Camera [Updated]

Wednesday May 27, 2020 4:27 pm PDT by
The next-generation iPhone 12 lineup coming in fall 2020 isn't out yet, but Fudge (@choco_bit), a leaker who sometimes shares information on upcoming Apple devices, today offered up details on what Apple has in store for the 2021 iPhone 13's camera setup. A simple design drawing depicts a device with a four camera array, which Fudge claims will have the following features: 64-megapixel...

Leaker: Apple to Stick With Lightning Over USB-C for 'iPhone 12' Before Going Port-Less Next Year

Tuesday May 26, 2020 2:31 am PDT by
Apple will use a Lightning port instead of USB-C in the upcoming "iPhone 12," but it will be the last major series of Apple's flagship phones to do so, with models set to combine wireless charging and a port-less Smart Connector system for data transfer and syncing in the iPhone "13 series" next year. The above claim comes from occasional Apple leaker and Twitter user "Fudge" (@choco_bit),...

16-Inch MacBook Pro, iPad Pro, and iMac Pro With Mini-LED Displays Again Rumored to Launch in 2021

Tuesday May 26, 2020 5:30 am PDT by
Apple plans to release several higher-end devices with Mini-LED displays in 2021, including a new 12.9-inch iPad Pro in the first quarter, a new 16-inch MacBook Pro in the second quarter, and a new 27-inch iMac in the second half of the year, according to Jeff Pu, an analyst at Chinese research firm GF Securities. This timeframe lines up with one shared by analyst Ming-Chi Kuo, who recently...

Apple Begins Selling Refurbished iPhone XR Models

Thursday May 28, 2020 9:50 pm PDT by
Apple today began selling certified refurbished iPhone XR models in select colors and capacities for the first time in the United States. Refurbished iPhone XR models are priced at a roughly 16 percent discount compared to current pricing on brand-new units, knocking $100–120 off of the regular price. In addition to the 64GB and 128GB capacities matching current brand-new iPhone XR models, ...

Apple Making It Harder to Avoid Nagging macOS Update Notifications

Thursday May 28, 2020 8:13 am PDT by
With the release of macOS Catalina 10.15.5 and related security updates for macOS Mojave and High Sierra earlier this week, Apple is making it more difficult for users to ignore available software updates and remain on their current operating system versions. Included in the release notes for macOS Catalina 10.15.5 is the following:- Major new releases of macOS are no longer hidden when...

HBO Max Now Available on Apple TV and iOS Devices

Wednesday May 27, 2020 2:42 am PDT by
HBO Max launched today, and is now available on Apple TV, iPhone, and iPad. WarnerMedia's new streaming service, which replaces HBO Now, combines HBO content with shows and films from Warner Bros and Turner TV. The service is available as a native app on the ‌Apple TV‌ HD and ‌Apple TV‌ 4K, but second and third-generation ‌Apple TV‌ owners will need to AirPlay HBO Max content...

Powerbeats Pro Debut in Four New Colors: Spring Yellow, Cloud Pink, Lava Red, and Glacier Blue

Friday May 29, 2020 10:00 am PDT by
Following a couple of leaks in recent weeks, Beats today is officially announcing four new colors for its Powerbeats Pro wireless earphones: Spring Yellow, Cloud Pink, Lava Red, and Glacier Blue. The new earphones will go on sale June 9 and sell for the same $249.95 price as the existing color options. Aside from the colors, the new Powerbeats Pro models are otherwise identical to the...

Anker Launches $100 24K Gold-Plated USB-C to Lightning Cable

Wednesday May 27, 2020 12:47 pm PDT by
Anker, a brand normally known for its well-made, affordable accessories for Apple devices, has debuted a new $100 24K gold-plated USB-C to Lightning cable. According to Anker, the cable, which is in the PowerLine+ III family, features a "Special Edition Gold Design" that's "bold yet elegant" with the aforementioned gold-plated cable heads and matching braided gold and black cable. The...

More Photos and Video of Apple's Redesigned Leather Loop Watch Band Surface

Thursday May 28, 2020 10:50 am PDT by
Images of a new version of the Leather Loop that Apple appears to have in development surfaced yesterday, and today, Vietnamese site Tinhte.vn has shared additional photos and videos that give us a clearer picture of what to expect from the new band. The bands come in colors that include red, hot pink, blue, black, and brown, with some of the bands featuring different colored accents at the...