Facebook is in the News again and as you might have thought, it is in the news for the wrong reason.
The social media giant has launched a secret service that is similar to its well criticized virtual private network app, Onavo. However, this time Facebook is using third-party beta testing services to pay participants in order to harvest virtually every single meaningful data on their device, which is in violation of Apple's rule, a TechCrunch report said.
First, Facebook used Onavo VPN to pry and monitor users behaviour. This and other data that Facebook harvested from users gave the company deep analytics on what other apps were using and how it was done. With all this information, Facebook knew the features that it needed to copy from her competitors, features to build and flops to avoid.
However, Facebook came under heavy fire when her shady practices became known to the public. After the ban of the Onavo VPN app from Apple's Play Store, Facebook began to sought for other means to suck people's data to stay top of the competition.
According to TechCrunch, "Facebook has been paying users ages 13 to 35 up to $20 per month plus referral fees to sell their privacy by installing the iOS or Android 'Facebook Research' app."
Launched in 2016, the app was originally called "Facebook Research' but later became known as Project Atlas since mid-2018 when backlash against Onavo began to build. To avoid direct involvement in the program, Facebook had the program administered through three beta testing services; Applause, BetaBound and uTest to distribute the research app.
The app requests permission that would allow the company to harvest data from private messages, photos, web browsing habits etc on Android and iOS. In exchange, Facebook gave the participants $20 payments in form of gift cards, and more for referrals. Users at some point are even asked to take screenshots of their Amazon order histories
Guardian Mobile Firewall security Will Strafach told TechCrunch:
"If Facebook makes full use of the level of access they are given by asking users to install the Certificate, they will have the ability to continuously collect the following types of data: private messages in social media apps, chats from in instant messaging apps - including photos/videos sent to others, emails, web searches activity, and even ongoing location by tapping into the feeds of any location tracking apps you may have installed."
.
TechCrunch notes that program participants on iOS are asked to sideload the app using an Apple Enterprise Developer Certificate which is likely in violation of Apple rules.
"Facebook seems to have purposefully avoided TestFlight, Apple's official beta testing system, which requires apps to be reviewed by Apple and is limited to 10,000 participants," TechCrunch said.
"Instead, the instruction manual reveals that users download the app from r.facebook-program.com and are told to install an Enterprise Developer Certificate and VPN and "Trust" Facebook with root access to the data their phone transmits. Apple requires that developers agree to only use this certificate system for distributing internal corporate apps to their own employees. Randomly recruiting testers and paying them a monthly fee appears to violate the spirit of that rule."
Last year, Facebook was plagued with several issues, from data breaches, failures to tackle political interference, bugs and other privacy scandals. Though the social media giant faced a congress hearing and as well an International probe committee that comprised of 7 countries, Facebook's user base hasn't stagnated.