Facebook Paying Teens $20/Month to Install Data Harvesting VPN App on iPhones

Apple in August 2018 forced Facebook to remove its Onavo VPN app from the App Store, because Facebook was using it to track user activity and data across multiple apps, something that violate's Apple's ‌App Store‌ policies.

As it turns out, Facebook has found an underhanded way to skirt Apple's rules and get people to continue installing its VPN -- paying them.


TechCrunch this afternoon exposed Facebook's "Project Atlas" program, in which Facebook paid people -- adults and teenagers -- to install a "Facebook Research" VPN that is similar to the Onavo VPN app.

As of 2016, Facebook has been secretly offering people aged 13 to 35 up to $20 per month along with referral fees to sideload the Facebook Research app using an enterprise certificate on iPhone. Enterprise certificates like this are designed to allow companies to distribute internal corporate apps and give full root access to a device.

To hide its involvement, Facebook has been using beta testing services like Applause, BetaBound and uTest to recruit participants to install Facebook Research.

By getting people to sideload an app this way through an enterprise certificate, Facebook has access to data that includes private messages in social media apps, chats from instant messaging apps (including photos and videos), emails, web searches, web browsing activity, and ongoing location information. It's not clear if Facebook is accessing this data, but it could, according to security researcher Will Strafach, who TechCrunch consulted for this piece.

"The fairly technical sounding 'install our Root Certificate' step is appalling," Strafach tells us. "This hands Facebook continuous access to the most sensitive data about you, and most users are going to be unable to reasonably consent to this regardless of any agreement they sign, because there is no good way to articulate just how much power is handed to Facebook when you do this."

The terms of service for the Facebook Research app suggest Facebook was collecting information about the smartphone apps on a participant's phone and how and when those apps are used. Facebook also said it would collect data about activities and content within the apps, and information about internet browsing history. There's even a line suggesting Facebook collects data even when an app uses encryption or from within a secure browser session.

Facebook confirmed the program in a statement provided to TechCrunch and reportedly said that the Facebook Research app was "in line with Apple's Enterprise Certificate program," though that does not seem to be the case based on Apple's Enterprise Certificate policy.

"Like many companies, we invite people to participate in research that helps us identify things we can be doing better. Since this research is aimed at helping Facebook understand how people use their mobile devices, we've provided extensive information about the type of data we collect and how they can participate. We don't share this information with others and people can stop participating at any time."

Apple has been made aware of the issue, but declined to provide a comment to TechCrunch. It's not clear how the Cupertino company will handle the situation, but as TechCrunch points out, Apple CEO Tim Cook has been highly critical of Facebook and its privacy violations. Apple could potentially block the Facebook Research app or revoke Facebook's permission to distribute internal apps entirely.

Full details on Facebook's spying app can be found in TechCrunch's exposé.

Top Rated Comments

(View all)
Avatar
21 months ago
Facebook is garbage.
Score: 42 Votes (Like | Disagree)
Avatar
21 months ago
What moron sells all their personal data for at most $20/month. Good lord people are dumb.
Score: 35 Votes (Like | Disagree)
Avatar
21 months ago
Wow, when will people realize how truly evil Facebook really is.

Apple should make an example of them and ban their app, at least temporarily.
Score: 34 Votes (Like | Disagree)
Avatar
21 months ago
Mark, Mark, Mark, Mark, Mark. Do you even know what the "P" in VPN stands for? Private. You've made a data-harvesting virtual private network. That doesn't compute!

Score: 27 Votes (Like | Disagree)
Avatar
21 months ago
facebook should be paying me $20/month to use Facebook at all for the amount of $$$ they made off of my data.
Score: 24 Votes (Like | Disagree)
Avatar
21 months ago
I am sick of these companies and all this garbage they are pulling! Especially, Facebook.
Score: 22 Votes (Like | Disagree)

Top Stories

Here's How You Can Download iOS 14 and iPadOS 14 Around the World [It's Out]

Wednesday September 16, 2020 2:36 am PDT by
Apple's official public release of iOS 14 and iPadOS 14 dropped on Wednesday, September 16, just a day after the company released the Golden Master to third-party developers. Also set to be made available to the general public for the first time are watchOS 7 and tvOS 14. Getting Started With iOS 14 Video Click image to watch iOS 14 Getting Started While that's left a lot of developers...

Apple Updates AirPods 2 and AirPods Pro Firmware to Version 3A283

Monday September 14, 2020 11:24 am PDT by
Apple today released new 3A283 firmware updates for the second-generation AirPods and the AirPods Pro. The second-generation AirPods are being updated from the 2D15 firmware they were previously running, while the AirPods Pros are being updated from the 2D27 firmware they had installed previously. Apple does not provide details on what's included in refreshed firmware so we don't know what's ...

New AirPods Pro Firmware Introduces Spatial Audio Support and Automatic Switching

Monday September 14, 2020 12:22 pm PDT by
The new 3A283 firmware that Apple released for the AirPods Pro today appears to introduce support for Spatial Audio, a new feature coming to the higher-end AirPods with iOS 14. Multiple reports on Twitter and the MacRumors forums indicate that the firmware update adds a "Spatial Audio" option to the Control Center, which can be activated to enable the feature. Note that using Spatial Audio...

Spotify Says Apple One Bundle Will Cause 'Irreparable Harm to Developer Community'

Tuesday September 15, 2020 12:26 pm PDT by
Apple today announced Apple One, a series of new subscription bundles that provide access to various Apple services at a combined monthly price. In response, Spotify sent out statements (via Peter Kafka) to the press decrying Apple's anti-competitive behavior and calling on "competition authorities" to stop Apple before it is able to cause "irreparable harm" to developers.Once again, Apple...

Bloomberg: Apple Watch Series 6 With SpO2 Tracking and All-Screen iPad Air Coming at 'Time Flies' Event, Apple Silicon Macs by November

Monday September 14, 2020 5:20 am PDT by
Apple is set to host a virtual event on Tuesday at 10 a.m. Pacific Time, and ahead of time, Bloomberg's Mark Gurman has outlined his expectations for new product announcements both tomorrow and in the months to follow. Gurman, who has a very strong track record, reiterated that this Tuesday's event will be focused on the introduction of new Apple Watch Series 6 and iPad Air models, adding...

iOS 14, iPadOS 14, watchOS 7, and tvOS 14 Will Be Released September 16

Tuesday September 15, 2020 11:06 am PDT by
Apple today announced that iOS 14, iPadOS 14, watchOS 7, and tvOS 14 will be officially released on Wednesday, September 16. Apple has seeded the final Golden Master beta versions of each update to developers in advance. ‌iOS 14‌ and iPadOS 14 introduce dozens of new features, including a redesigned Home Screen that supports widgets on the iPhone and iPad for the first time. For more...

When Will the iPhone 12 Launch? Here's What We Know

Wednesday September 16, 2020 6:12 am PDT by
Yesterday's "Time Flies" Apple event saw the release of the Apple Watch Series 6, Apple Watch SE, iPad 8, and iPad Air 4, but no new iPhone models. Rumors before the event strongly alleged that it would not see the unveiling of new iPhones, with many reports pointing to an October launch. The lack of new iPhone models yesterday seems to confirm that the iPhone 12 lineup will not appear...

Full Transcript of Apple's 'Time Flies' Event With Apple Watch and iPad Updates

Tuesday September 15, 2020 8:46 am PDT by
Apple's virtual "Time Flies" event kicks off today at 10:00 a.m. Pacific Time, with Apple expected to debut new Apple Watch and iPad models, but it appears we may not see the iPhone 12 until next month. While we're not expecting to see new iPhones today, Apple's software updates for its various platforms are likely nearly ready for launch, so we may be hearing more about them today. Check...

Apple Releases iOS 14 and iPadOS 14 With Home Screen Redesign, App Library, Compact UI, Translate App, Scribble Support, App Clips, and More

Wednesday September 16, 2020 12:48 pm PDT by
Apple has released iOS 14 and iPadOS 14, the newest operating system updates designed for the iPhone and iPad. As with all of Apple's software updates, iOS 14 and iPadOS 14 can be downloaded for free. iOS 14 is available on the iPhone 6s and later, while iPadOS 14 is available on the iPad Air 2 and later. The updates are available on all eligible devices over-the-air in the Settings app. To ...

Everything Apple Announced at Today's iPad and Apple Watch Event in Just Seven Minutes

Tuesday September 15, 2020 2:19 pm PDT by
Apple today held its annual September event, but this year was a bit different because no new iPhones were announced. The "Time Flies" event focused on the Apple Watch Series 6 and the iPad Air, and saw the debut of a new Apple One services bundle. Subscribe to the MacRumors YouTube channel for more videos. It took Apple an hour to introduce the new devices, but we've recapped the event in...