Facebook Paying Teens $20/Month to Install Data Harvesting VPN App on iPhones

Apple in August 2018 forced Facebook to remove its Onavo VPN app from the App Store, because Facebook was using it to track user activity and data across multiple apps, something that violate's Apple's ‌App Store‌ policies.

As it turns out, Facebook has found an underhanded way to skirt Apple's rules and get people to continue installing its VPN -- paying them.

facebookresearchapp
TechCrunch this afternoon exposed Facebook's "Project Atlas" program, in which Facebook paid people -- adults and teenagers -- to install a "Facebook Research" VPN that is similar to the Onavo VPN app.

As of 2016, Facebook has been secretly offering people aged 13 to 35 up to $20 per month along with referral fees to sideload the Facebook Research app using an enterprise certificate on iPhone. Enterprise certificates like this are designed to allow companies to distribute internal corporate apps and give full root access to a device.

To hide its involvement, Facebook has been using beta testing services like Applause, BetaBound and uTest to recruit participants to install Facebook Research.

By getting people to sideload an app this way through an enterprise certificate, Facebook has access to data that includes private messages in social media apps, chats from instant messaging apps (including photos and videos), emails, web searches, web browsing activity, and ongoing location information. It's not clear if Facebook is accessing this data, but it could, according to security researcher Will Strafach, who TechCrunch consulted for this piece.

"The fairly technical sounding 'install our Root Certificate' step is appalling," Strafach tells us. "This hands Facebook continuous access to the most sensitive data about you, and most users are going to be unable to reasonably consent to this regardless of any agreement they sign, because there is no good way to articulate just how much power is handed to Facebook when you do this."

The terms of service for the Facebook Research app suggest Facebook was collecting information about the smartphone apps on a participant's phone and how and when those apps are used. Facebook also said it would collect data about activities and content within the apps, and information about internet browsing history. There's even a line suggesting Facebook collects data even when an app uses encryption or from within a secure browser session.

Facebook confirmed the program in a statement provided to TechCrunch and reportedly said that the Facebook Research app was "in line with Apple's Enterprise Certificate program," though that does not seem to be the case based on Apple's Enterprise Certificate policy.

"Like many companies, we invite people to participate in research that helps us identify things we can be doing better. Since this research is aimed at helping Facebook understand how people use their mobile devices, we've provided extensive information about the type of data we collect and how they can participate. We don't share this information with others and people can stop participating at any time."

Apple has been made aware of the issue, but declined to provide a comment to TechCrunch. It's not clear how the Cupertino company will handle the situation, but as TechCrunch points out, Apple CEO Tim Cook has been highly critical of Facebook and its privacy violations. Apple could potentially block the Facebook Research app or revoke Facebook's permission to distribute internal apps entirely.

Full details on Facebook's spying app can be found in TechCrunch's exposé.

Popular Stories

Apple Intelligence General Feature

Apple Intelligence Features Not Coming to European Union at Launch Due to DMA

Friday June 21, 2024 9:44 am PDT by
Apple today said that European customers will not get access to the Apple Intelligence, iPhone Mirroring, and SharePlay Screen Sharing features that are coming to the iPhone, iPad, and Mac this September due to regulatory issues related to the Digital Markets Act. In a statement to Financial Times, Apple said that there will be a delay as it works to figure out how to make the new...
iOS 18 on iPhone Feature

Everything New in iOS 18 Beta 2

Monday June 24, 2024 12:52 pm PDT by
Apple today released the second betas of iOS 18 and iPadOS 18 to developers, and the software adds support for new features that Apple is working on, plus it tweaks some of the interface changes that have been made in the updates. Apple will refine iOS 18 over the course of the next few months, with multiple changes and refinements expected from now until September. We've highlighted...
Apple WWDC24 Apple Intelligence hero 240610

Apple Explains iPhone 15 Pro Requirement for Apple Intelligence

Wednesday June 19, 2024 4:48 am PDT by
With iOS 18, iPadOS 18, and macOS Sequoia, Apple is introducing a new personalized AI experience called Apple Intelligence that uses on-device, generative large-language models to enhance the user experience across iPhone, iPad, and Mac. These new AI features require Apple's latest iPhone 15 Pro and iPhone 15 Pro Max models to work, while only Macs and iPads with M1 or later chips will...
amazon echo dot

Amazon Could Charge Up to $10/Month for Alexa

Friday June 21, 2024 2:55 pm PDT by
Apple competitor Amazon is working on a revamp of its Alexa assistant, and the new version could cost up to $10 per month, according to a report from Reuters. The upcoming version of Alexa will support conversational generative AI, and Amazon is planning for two tiers of service. There will be a free tier and a second, premium tier that is priced at $5 at a minimum, with Amazon considering...
top stories 22jun2024

Top Stories: Apple Watch X Rumors, New Final Cut App for iPhone, and More

Saturday June 22, 2024 6:00 am PDT by
The avalanche of news coming out of WWDC earlier this month is finally starting to slow, but that doesn't mean there wasn't still lots to talk about in Apple news and rumors this week. This week saw some additional rumors about the upcoming Apple Watch models, the release of major Final Cut Pro updates, the launch of Apple's annual Back to School promo in the U.S. and Canada, new...

Top Rated Comments

PotatoLeekSoup Avatar
71 months ago
Facebook is garbage.
Score: 42 Votes (Like | Disagree)
brendu Avatar
71 months ago
What moron sells all their personal data for at most $20/month. Good lord people are dumb.
Score: 35 Votes (Like | Disagree)
HiVolt Avatar
71 months ago
Wow, when will people realize how truly evil Facebook really is.

Apple should make an example of them and ban their app, at least temporarily.
Score: 34 Votes (Like | Disagree)
AngerDanger Avatar
71 months ago
Mark, Mark, Mark, Mark, Mark. Do you even know what the "P" in VPN stands for? Private. You've made a data-harvesting virtual private network. That doesn't compute!

Score: 27 Votes (Like | Disagree)
farewelwilliams Avatar
71 months ago
facebook should be paying me $20/month to use Facebook at all for the amount of $$$ they made off of my data.
Score: 24 Votes (Like | Disagree)
cashville2400 Avatar
71 months ago
I am sick of these companies and all this garbage they are pulling! Especially, Facebook.
Score: 22 Votes (Like | Disagree)