Facebook has been caught in another data mining scandal. This time it involves the company paying users as young as 13-years-old to install a Facebook Research app on their phone which can then access almost all of the data on their device. Here are the six key things you need to know about Facebook’s latest fumble.
1. The Facebook Research App Could Access Virtually All the Data on a User’s Phone
According to TechCrunch’s report, between 2016 and 2019, Facebook asked users to download a Facebook Research VPN app and give it root access to the network traffic on their phone. Once installed, this app could access:
- Private messages in social media apps
- Chats from instant messaging apps including the photos and videos that were sent
- Emails
- Web searches
- Web browsing activity
- Continuous location information
It’s not clear what data Facebook saved but it could potentially have collected all the data listed above from users of the Facebook Research app.
2. Facebook Requested Amazon Purchase Data
Facebook also asked some users of the Facebook Research app to screenshot their Amazon order history. When combined with the data accessed through the Facebook Research app, this could have allowed Facebook to connect purchasing patterns with app and browsing activity.
3. Facebook Requested Data From Teens
Some of the ads promoting the Facebook Research app sought users as young as 13. While participants aged 13-17 were required to gain parental consent, some did go on to install the app and give Facebook root access to their phones.
According to Facebook, less than 5% of the people participating in this market research program were teens and all of them submitted signed parental consent forms.
4. Apple Has Banned the Facebook Research App and Blocked Its Internal iOS Apps
Facebook asked users to download the Facebook Research app from its own site, install an enterprise developer certificate and VPN, and trust Facebook with root access to their phone’s data. Doing this allowed Facebook to sidestep the iOS App Store and avoid the standard app approval process.
Apple’s Developer Enterprise Program certificate policy says that this certificate system should only be used to distribute internal corporate apps to employees. This means Facebook’s decision to distribute their app to outside beta testers through this certificate system is a direct violation of the policy.
Facebook initially claimed that it was shutting down the iOS Facebook Research app and had not violated Apple’s policy. However, Apple has since disputed this claim and says that Facebook did violate its policies. Apple also claimed it (not Facebook) was responsible for shutting down the Facebook Research app and has removed Facebook’s ability to use and distribute internal iOS apps.
Update: Apple has now reinstated Facebook’s enterprise developer certificate which means it can now use and distribute internal iOS apps.
5. Facebook Did Not Immediately Disclose Its Involvement in This Research Program
Facebook administered this program through the beta testing services Applause, BetaBound, and uTest. However, many of the signup pages from these companies don’t mention Facebook. Additionally, participants are often not made aware of Facebook’s involvement in the project until just before being asked to install the Facebook Research app.
6. Participants Were Paid up to $20 per Month Plus Referral Fees
One of the signup pages for the Facebook Research app offered users $20 per month and $20 per friend referred. Payments were made via e-gift cards.