This article was published 5 yearsago

Facebook has been found violating Apple’s policies (again) by using its previously banned snooping app to collect data from more than 187,000 users.

Since 2016, Facebook was secretly conducting a “research” operation to stay ahead of its competitors. What was this operation? It was dubbed Project Atlas. It involved paying volunteers in exchange for their mobile data. This data involved how they used some apps, their web browsing histories as well as contact information. Facebook went well beyond its boundaries and even asked these volunteers to send screenshots of their Amazon order history. These volunteers consisted mainly of teenagers and age range of these people lied  between 13 to 35 years. They were paid $20 per month and extra fees for sharing their app.

Facebook carried out this using a VPN app called Onavo Protect which was basically a information collecting app under the hood of a VPN app. But in August last year this app was taken down from Apple App Store for violation of its policies. Later, Google Play Store removed the app following Apple’s footsteps.

Facebook running another app under the name “Facebook Research” which functioned similarly. This app has been banned by Apple App Store after an investigation report from TechCrunch was confirmed by Apple. The app violated Apple’s policies for the Enterprise Certificate program under which distributing internal corporate apps to employees was allowed but paid testing by external volunteers was not. Apple has revoked Facebook’s Enterprise certificate for the same earlier this year.

Facebook Research App employed a VPN to route information traffic to Facebook. Then it asked its user to allow that app root network access to their phone. In exchange of this information being gathered from the user (using user granted permissions to install internal apps), the company paid them $20 plus referral fees. Not only was this abuse of Apple’s Enterprise program but also its privacy policies. Revoking the Enterprise Certificate will also break Facebook’s internal employee applications.

Out of the 187,000 who have risked risked their personal data, 31,000 are users from the U.S. while the remaining from India. Out of those 31,000 users, 4,300 were teenagers in the age range 13 to 17.

Though Facebook cleared that the app was for the purpose of market research and analytics only, it did collect limited non-targeted content like health and financial information.

But Facebook isn’t the only company guilty for abusing Apple’s Enterprise Certificate. Google too has been running similar application called Screening Meter. It operations closely resembled to that of Facebook Research. The payment was done in the form of gift cards. It also employed the same Enterprise Certificate-based VPN to route traffic and gain users consent to track their internet activity and collect data. This app too was taken down by Apple earlier this year.

Apple and Facebook has a long history of rivalry and both of its heads have been outspoken in criticizing each other. Tim Cook, CEO of Apple Inc., has constantly criticized Facebook for its data collection policies. Mark Zuckerberg, Chairman and CEO of Facebook, also refuted while comparing Facebook’s free services with Apple’s costly ones. Now, policy breaches like these will only make the situation worse for Facebook.

Though Apple has decided to take strict actions against both these apps, Google Play Store seems to be giving such application a green light as its own, Screenwise Meter app is still available on Play Store. Even Facebook rebranded its Research app under a new name Study and made it available on Google Play Store. No actions (yet) have been taken on any of these apps.

Existence of such applications only proves how important market research through collecting user data is to these companies. Facebook, along with Google and a few other tech giants like Amazon are being examined by the Justice Department and the Federal Trade Commission for possible violation of the U.S. antitrust laws.