Apple busts Facebook for distributing data-sucking app

January 30, 2019 by Barbara Ortutay
This Feb. 19, 2014, file photo shows the Facebook app icon on an iPhone in New York. Apple says it has banned a Facebook-made app that paid users, including teenagers, to extensively track their data. The app, Facebook Research, tracked people's phone and web activity in exchange for payments. A report in the tech blog TechCrunch on Tuesday, Jan. 29, 2019, says Facebook paid about $20 a month in exchange for people letting it track their phone activities. While Facebook says this was done with permission, the company has a history of defining "permission" loosely and obscuring what sort of data it collects. (AP Photo/Karly Domb Sadof, File)

Apple says Facebook can no longer distribute an app that paid users, including teenagers, to extensively track their phone and web use.

In doing so, Apple closed off Facebook's efforts to sidestep Apple's app store and its tighter rules on privacy.

The tech blog TechCrunch reported late Tuesday that Facebook paid people about $20 a month to use the Facebook Research app. While Facebook says this was done with permission, the company has a history of defining "permission" loosely and obscuring what data it collects.

"I don't think they make it very clear to users precisely what level of access they were granting when they gave permission," mobile app security researcher Will Strafach said Wednesday. "There is simply no way the users understood this."

He said Facebook's claim that users understood the scope of data collection was "muddying the waters."

Facebook says fewer than 5 percent of the app's users were teens and they had parental permission. Nonetheless, the revelation is yet another blemish on Facebook's track record on privacy and could invite further regulatory scrutiny.

And it comes less than a week after court documents revealed that Facebook allowed children to rack up huge bills on digital games and that it rejected recommendations for addressing it for fear of hurting revenue growth.

For now, the app appears to be available for Android phones, though not through Google's main app store. Google had no comment Wednesday.

Apple said Facebook was distributing Facebook Research through an internal-distribution mechanism meant for company employees, not outsiders. Apple has revoked that capability.

Facebook is still permitted to distribute apps through Apple's app store, though such apps are reviewed by Apple ahead of time. And Apple's move Wednesday restricts Facebook's ability to test those apps—including core apps such as Facebook and Instagram—before they are released through the app store.

Facebook previously pulled an app called Onavo Protect from Apple's app store because of its stricter requirements. But Strafach, who dismantled the Facebook Research app on TechCrunch's behalf, told The Associated Press that it was mostly Onavo repackaged and rebranded, as the two apps shared about 98 percent of their code.

As of Wednesday, a disclosure form on Betabound, one of the services that distributed Facebook Research, informed prospective users that by installing Facebook Research, they are letting Facebook collect a range of data. This includes information on apps users have installed, when they use them and what they do on them. Information is also collected on how other people interact with users and their content within those apps, according to the disclosure.

Betabound warned that Facebook may collect information even when an app or web browser uses encryption.

Strafach said emails, social media activities, private messages and just about anything else could be intercepted. He said the only data absolutely safe from snooping are from services, such as Signal and Apple's iMessages, that fully encrypt messages prior to transmission, a method known as end-to-end encryption.

Strafach, who is CEO of Guardian Mobile Firewall, said he was aghast to discover Facebook caught red-handed violating Apple's trust.

He said such traffic-capturing tools are only supposed to be for trusted partners to use internally. Instead, he said Facebook was scooping up all incoming and outgoing data traffic from unwitting members of the public—in an app geared toward teenagers.

"This is very flagrantly not allowed," Strafach said. "It's mind-blowing how defiant Facebook was acting."
