Facebook’s Research App Banned By Apple – TechCrunch

Following yesterday’s TechCrunch investigation, Apple blocked Facebook’s Research VPN application before the social network could voluntarily close it. The Research application requested users to access the root network to all the data they pass through their phone in exchange for $ 20 per month. Apple tells TechCrunch that last night it revoked the Business Certificate that allows Facebook to distribute the Research application without going through the App Store.

TechCrunch had reported that Facebook was infringing Apple’s policy that the Enterprise system is only for distributing internal corporate applications to employees, not paid external evaluators. That was actually before Facebook published a statement last night saying it had closed the iOS version of the Research program without mentioning that Apple had forced it to do so.

TechCrunch’s research found that Facebook has quietly operated the Research program on iOS and Android since 2016, recently under the name Project Atlas. He recruited children from 13 to 35 years old, 5 percent of whom were teenagers, with ads on Instagram and Snapchat and paid them a monthly fee plus referral bonuses to install the Facebook Research application, the included VPN application that routes the traffic to Facebook and to ‘Trust’ The company with access to the root network of your phone. That allows Facebook to attract a user’s web browsing activity, what applications are on their phone and how they use them, and even decrypt their encrypted traffic. Facebook went so far as to ask users to take a screenshot and send their Amazon order history. Facebook uses all this data to track competitors, evaluate trends and plan their product roadmap.

Facebook was forced to remove its similar Onavo Protect application in August of last year after Apple changed its policies to ban the data collection practices of the VPN application. But Facebook never closes the Research application with the same functionality that it was running in parallel. In fact, TechCrunch commissioned security expert Will Strafach to investigate Facebook’s research application, and we discovered that it included tons of codes and references similar to Onavo Protect. That means that Facebook deliberately disobeyed the spirit of Apple’s 2018 privacy policy change while abusing the company certificate program.

The applications of legitimate internal use of Facebook, such as the pre-release versions of Facebook and Instagram, as well as employee logistics applications, continue to work, according to the source. However, they could stop working if Apple completely blocked Facebook from distributing applications for employees only, even if they comply with their policies. As we predicted, it could be a much stricter punishment than just blocking the Reseearch application that would disrupt Facebook’s business protocol.

This morning, Apple informed us that it had banned Facebook’s research application yesterday before the social network apparently withdrew it voluntarily. Apple gave us this strongly worded statement that condemned the behavior of the social network:

“We designed our Business Developer Program solely for the internal distribution of applications within an organization. Facebook has been using its membership to distribute a data collection application to consumers, which is a clear violation of its agreement with Apple. Any developer who uses their business certificates to distribute applications to consumers will have their certificates revoked, which is what we did in this case to protect our users and their data. ”

That comes in direct contradiction to Facebook’s initial response to our investigation. Facebook claimed that it was in line with Apple’s corporate certificate policy and that the program was no different from a focus group.

Seven hours later, a Facebook spokesman said he was withdrawing his iOS Research program without mentioning that Apple forced him to do so, and issued this statement in dispute over the characterization of our story:

“The key facts about this market research program are being ignored.” Despite the first reports, there was nothing “secret” about this, it was literally called Facebook’s research application, it was not “espionage” since all the people who registered to participate went through a clear process of incorporation in which they applied for their permission and were paid to participate in. Finally, less than 5 percent of the people who chose to participate in this market research program were adolescents. they with signed consent forms from the parents. ”

We refute those accusations by facebook. As we wrote last night, Facebook did not publicly promote VPN research and used intermediaries who often did not disclose Facebook’s participation until users started the registration process. While users received clear instructions and warnings, the program never emphasizes or mentions the full range of data that Facebook can collect through the VPN. A small fraction of paid users may have been teenagers, but we maintain the journalistic interest of their choice not to exclude minors from this data collection initiative.

The situation will surely worsen the relationship between Facebook and Apple after years of growing animosity among tech giants. Apple’s Tim Cook has repeatedly criticized Facebook’s data collection practices, and Facebook’s Mark Zuckerberg has responded by offering free products for everyone, rather than products few others can afford such as Apple. The increased tensions could make Facebook receive fewer promotions in the App Store, fewer integrations in iOS and more hits from Cook. Meanwhile, the world sees Facebook as if it had been caught, threatening the user’s privacy and breaking Apple’s policy.