Mark Zuckerberg, Facebook

Facebook CEO Mark Zuckerberg. Drew Angerer/Getty Images
  • Facebook has been caught paying people R271 a month to spy on their phones and data.
  • Tech news website TechCrunch discovered the social network was asking some users to give them deep access to their phones and install virtual private networks in exchange for cash.
  • Facebook has defended the programme, but it raises questions about the social network’s approach to user privacy, even in the wake of its string of scandals.

Another day, another round of uncomfortable questions for Facebook.

The Silicon Valley social-networking giant has been paying teens and adults up to R271 a month to spy on their phones, their data, and the apps they use, according to a new report from TechCrunch – raising fresh concerns over the company’s approach to user privacy.

The tech news website found that Facebook operates a programme called “Project Atlas,” in which it recruits willing Apple iOS and Android users to give them root access to their devices, thereby allowing Facebook to view extensive data on participants’ mobile activity.

The app, Facebook Research, appears to be largely similar to Facebook’s controversial virtual-private-network app Onavo and shares much of the same code, according to security expert Will Strafach, who was asked by TechCrunch to investigate the program.

Apple previously banned Onavo outright from its App Store on the iPhone and the iPad over violations of its privacy policy. However, Facebook sidesteps this ban by offering Facebook Research directly to users, via a program that Apple offers to companies that want to offer custom apps to their own employees.

As TechCrunch said, reoffering an app very similar to Onavo, and potentially misusing a program intended for Apple’s enterprise customers to do it, may further strain relations between the two tech companies. The two have clashed in the past over their approaches to user privacy.

An Apple spokesperson did not immediately respond to Business Insider’s request for comment.

A Facebook spokesperson told Business Insider that it has no plans to end Facebook Research as a result of the report.

“Like many companies, we invite people to participate in research that helps us identify things we can be doing better. Since this research is aimed at helping Facebook understand how people use their mobile devices, we’ve provided extensive information about the type of data we collect and how they can participate. We don’t share this information with others and people can stop participating at any time,” the spokesperson said in a statement.

Facebook also disputed that the app is a copy-and-paste version of the banned Onavo app, something that appears to be contradicted by evidence shared by Strafach.

Will Strafach

@chronic

the “Facebook Research” app can be found here, accessible by anyone + signed with the Enterprise Certificate, an unauthenticated server owned by Facebook: r[.]facebook-program[.]com/ios/stable/manifest[.]plist (this will likely get yanked by FB very soon)

Will Strafach

@chronic

they didn’t even bother to change the function names, the selector names, or even the “ONV” class prefix. it’s literally all just Onavo code with a different UI. pic.twitter.com/ruqH69pUfq

View image on Twitter
52 people are talking about this

Facebook’s rationale for the program appears to be to learn more about the apps that people use, in a vein similar to how it has used data gleaned from Onavo to harvest valuable data about how people use their phones.

But it also raises serious questions about how Facebook continues to approach and value sensitive user data, as the company attempts to recover from successive privacy scandals throughout 2018 and broader crises.

Ryan Mac

@RMac18

The key part of this story isn’t that Facebook was just paying anyone $20 a month for access to their phone data, they were specifically targeting teens, who may not have been aware of what they were downloading. https://techcrunch.com/2019/01/29/facebook-project-atlas/ 

Facebook pays teens to install VPN that spies on them

Desperate for data on its competitors, Facebook has been secretly paying people to install a “Facebook Research” VPN that lets the company suck in all of a user’s phone and web activity, similar to…

techcrunch.com

Ryan Mac

@RMac18

As linked from the story, the sign up page for the research app (which is administered by a third-party company called Applause) makes no mention that the app being downloaded is for Facebook. pic.twitter.com/SkM2sAHscW

View image on Twitter
23 people are talking about this

Facebook also disputed that the program is specifically targeted at teens – but at least some of the attempts to enlist users are specifically geared toward people between 13 and 17, and feature a “parental consent agreement” that is nothing but a tick box, according to TechCrunch.

Similarly, Facebook said it fully disclosed its involvement in the program. But BuzzFeed News reporter Ryan Mac tried signing up after the TechCrunch report was published, and he found very few disclosures to participants that Facebook was behind it.

“This is the most defiant behavior I have EVER seen by an App Store developer. it’s mind blowing,” Strafach tweeted. “I still don’t know how to best articulate how absolutely floored I am by Facebook thinking they can get away with this.”