Facebook paid young people to use data collection app; Apple bane [atualizado]

This year started for the Facebook Just as 2018 ended: wrapped around user privacy policies and the handling of personal data. This time, however, Mark Zuckerberg's company managed to go beyond, even circumventing the App Store guidelines to offer a data collection “program”. And yours went bad. That's because Apple decided to ban the Facebook search application, as reported by the Recode.

In a statement, the company reported that it “designed the Developer Enterprise Program exclusively for an organization's internal distribution of applications,” and that “Facebook has been using its members to distribute a data collection application to consumers, which is a clear breach of its agreement with Apple. ”The company went further, further stating that“ any developer using their corporate certificates to distribute applications to consumers has their certificates revoked, which is what we have done in this case to protect our users and their data. "

How it all started

To understand the seriousness of the most recent case, it is necessary to go back a few months, more precisely last August. At that time, Apple prohibited applications from creating databases of users' personal information and sharing (or selling) that information; Among the targets of this rule was the VPN app Onavo Protect, which Facebook acquired at the end of 2013, for which it was, for example, that Zuckerberg's company was able to analyze the expressiveness of WhatsApp (buying it the following year).

After discovering the true “slaughter” of data that Facebook had created through the Onavo app, Apple asked the company to remove it from the App Store, claiming the software was violating its data collection policies. No sooner said than done? Not exactly. In fact, the Onavo Protect app has been removed from the App Store, but no one expected that Facebook had a letter up its sleeve to continue with its data collection program.

Facebook Research

This brings us current controversy. Since 2016, Facebook has been paying users to install the Facebook Research app on their iOS and Android devices, as reported by TechCrunch. Participants in this “survey” were between 13 and 35 years old and received about $ 20 per month for their privacy (as you will see below). The program was run by testing companies Applause, BetaBound and uTest, which covered Facebook's involvement, and was also referred to in some documentation as the "Atlas Project" to circumvent surveillance.

Facebook Research Installation

Because the app works similarly to Onavo Protect (even directing data to an address associated with it), Facebook did something outrageous: through a corporate certificate, the user could download the Facebook Research app without accessing the App Store and personally refer other users to do the same, definitely bypassing one of the Apple and Google app store guidelines. Once installed, the app asked for permission to access just about any information you can imagine: messages, photos, videos, browsing and location data, among others (Facebook even required screenshots that showcase your customers' shopping history). Amazon users).

By installing the software, you give our customers permission to collect data from your phone to help them understand how you surf the internet and how you use the features of the applications you have installed that means you are allowing our customer to collect information like what apps are on your phone, how and when you use them, data about your activities and content in those apps, and how other people interact with you or your online content. You are also allowing our client to collect information about your internet browsing activity (including the websites you visit and the data that is exchanged between your device and those websites) and your use of other online services. There are some cases where our client collects this information even when the app uses encryption or in secure browser sessions.

It is still unclear whether Facebook collected all that data, but according to online security expert Will Strafach, the company could easily view it and do whatever it liked with it. In the case of users under the age of 18, the TechCrunch He said that a person in charge should authorize the participation of this young person in the program, but that was very simple to circumvent.

I thought I would see how robust parental control for the Facebook program. In less than five minutes I was able to sign up as a 14 year old boy with two children. They required no proof of parental consent. I just received a link to download the iOS app.

The Facebook Answer

In response to the complaint TechCrunch, a Facebook spokesman confirmed that the program was running and said it aims to "know how people use their phones and other services."

Like many companies, we invite people to participate in surveys that help us identify what we can do best. Because this survey aims to help Facebook understand how people use their mobile devices, we provide comprehensive information about the type of data we collect and how they can participate. We do not share this information with others and people may stop participating at any time.

The same Facebook representative said Onavo and Facebook Research are separate programs, but admitted that the same team supports and develops both services and that they are so similar. Regarding the method of installing the app, the spokesman stated that Facebook “does not violate Apple's corporate certificate policy”, but is contrary to the terms of these guidelines, which explain that developers cannot “use, distribute or make available their applications that are internal to your customers unless they are under the direct supervision of employees or on company premises ”which is definitely not the case.

In another statement sent to the Gizmodo, Facebook has stated that the program is under the laws of the platforms on which it is used and that such allegations "misrepresented" its execution.

Important facts about this market research program are being ignored. Despite the first reports, there is no secret about it; It's called the Facebook Research App. It's not meant to spy on all the people who participate in it, who are asked if they want to participate and who are paid for it. Finally, less than 5% of the people who chose to participate in this market research are teenagers. All of them with their parents' consent forms.

But Facebook gave the arm a twist and issued a new note explaining that it would not only remove the Facebook Research app for iOS, but would end Project Atlas probably already anticipating the fact that Apple would ban the app.

The repercussion

For Strafach, this is the "most challenging behavior done by an App Store developer."

This is the most challenging behavior I've ever seen from an App Store developer. mind-blowing. This was a great @JoshConstine investigation I still don't know how to better articulate how absolutely shocked I am on Facebook thinking they can get away with it.

Once again, Facebook has hit the ball and has shown that it can go over anything to get data and more personal information from its users which is a shame, really.

via User Manual

Update by Eduardo Marques 1/30/2019 14:02

Some may think that Apple's response was not time for the Facebook breach, but the attitude was pretty serious.

This is because revoking a certificate not only prevents the distribution of apps for iOS, but also prevents such apps from working. And because internal applications from the same company or developer can be connected to a single certificate, this can lead to huge problems. Example: Test builds of apps like Facebook, Facebook Messenger, Instagram, and WhatsApp Messenger, distributed internally on Facebook (for employees to test apps), just don't work as they should, as reported. The verge.

Facebook is treating this as a critical problem internally, we are told, as affected applications are simply not open on employees' phones.

() This is a big problem for Facebook. While Apple provides other tools that companies can use to install applications internally, Apple's corporate program is the primary solution for widely deploying internal applications and services.

For developer Steve Troughton-Smith, Apple's blunt attitude:

Considering the time it would take to get a new corporate certificate, if it is accepted, it could really ruin Facebook's inner workings if all of its internal iOS apps and betas stop working.

as if you trusted Google Apps to run everything within your business internally and Google revoked your primary account indefinitely because you violated any rules. You can imagine how catastrophic that would be.

Imagine how things are not there inside Facebook right now