Facebook slammed over covert app that pays teenagers for data
Facebook has been criticized for operating a secretive market research project which paid teenage users in return for unfettered access to their personal data.
Dubbed “Facebook Research,” participants installing the social networking giant’s app received requests for high levels of access to their device which enables vast amounts of information to be collected.
As reported by TechCrunch, the app gains “nearly limitless” access to a device once installed and is able to collect information including private messages sent in social media applications, chat sessions, photos and videos sent to acquaintances, emails, search engine queries, browsing activity, and data gathered by location-tracking apps.
Facebook also requested that users screenshot their Amazon purchase histories.
How much is this data worth? A grand total of up to $20 a month, alongside referral fees. It is not known, however, what information Facebook decides to keep, or how this data is used.
While there are many of us who join market research projects for the purposes of financial gain, the reported age range is of concern — as the youngest users permitted are 13 years old. The oldest can be up to 35 years old.
The Facebook Research app was developed for iOS and Android devices and requires a root certificate to be installed on sign-up, which gives the system deeper access to devices than the majority of other apps on the market.
See also: 5 things you should know about VPNs
The secretive system potentially breaks Apple’s terms of service when it comes to protecting the privacy of users. Apple told the publication that the company was aware of the issue, and after the report was published, Facebook told the BBC that the program would end for iOS users, who were offered the app directly to circumvent Apple’s privacy requirements.
The information of participants using Android devices, however, is still fair game as the data-collection push on this platform will continue. However, the app is not hosted in the Google Play Store and is, instead, offered directly to participants.
While Facebook maintains that parental consent should be acquired before minors use the app, reporters discovered that the check is no more than a simple tick-box. This may cover Facebook against legal repercussions but in reality, younger users may not understand what they are agreeing to.
The app has also drawn comparisons with Onavo due to coding similarities. Acquired by Facebook in 2013, the market research service offers users a free VPN in exchange for their mobile traffic and information relating to their use of websites, apps, and data.
Onavo is still available on Google Play, but the app was removed from the App Store after Apple implemented new privacy rules and the software was found to be in violation of the revised terms.
TechRepublic: 5 ways to enforce company security
A researcher commissioned by TechCrunch to investigate the app branded Facebook Research as a “poorly re-branded build of the banned Onavo app,” and with the installation of root certificates which Apple requires to be only be used by employees under its Developer Enterprise Program License Agreement, it will be interesting to see how Apple responds to these findings.
Facebook, however, does not appear to think there is anything wrong with a project of this nature — and one which involves minors in such a way.
“Like many companies, we invite people to participate in research that helps us identify things we can be doing better,” a Facebook spokesperson said. “Since this research is aimed at helping Facebook understand how people use their mobile devices, we’ve provided extensive information about the type of data we collect and how they can participate. We don’t share this information with others and people can stop participating at any time.”
When approached, Google chose not to comment.
ZDNet has reached out to Apple and will update if we hear back.
Previous and related coverage