According to a report on TechChrunch Facebook has been secretly paying people to install a VPN called “Facebook Research”. The app basically asks people to give them access to everything on the phone, including root access to network traffic.
It seems like Facebook has been up to this since 2016 – even after a similar app (Facebook’s Onavo Protect) of the network was banned from the app store. According to security expert Will Strafach Facebook could collect data from “private messages in social media apps, chats from in instant messaging apps – including photos/videos sent to others, emails, web searches, web browsing activity, and even ongoing location information by tapping into the feeds of any location tracking apps you may have installed.” The network goes so far as to ask them to screenshot their Amazon order history. This is a scary amount of information!
The crazy thing is that Facebook had a similar app called Onavo on the Apple store before – and it got banned because of, well, the same reasons Atlas is criticized now. Facebook is working around this “issue” now by sideloading the new VPN through different app beta testing services: BetaBound, uTest, and Applause.
The apps advertise Facebooks Project Atlas on different channels, including Instagram where some target 13-17 year old teenagers for a “paid social media research study.” while others offer a 20$ gift card per month to let the app run in the back.
All in all Facebook’s involvement is not clear at first sight and the social network also does not give exact information as to how much data is really being send over to them. Strafach says that “it is tricky to know what data Facebook is actually saving (without access to their servers). The only information that is knowable here is what access Facebook is capable of based on the code in the app. And it paints a very worrisome picture.“
What’s clear to pretty much everyone is that what Facebook is doing is against Apples rules when it comes to their platform. Facebook claims that it pulled the Atlas app immediately after they found out that it wasn’t in compliance (basically after the TechChrunch article went live). Apple on the other hand told a different story: They claimed that they actually blocked the app before Facebook decided to move.
No matter what: Facebook does not feel guilty. According to the networks chief operating officer Sheryl Sandberg “the important thing is that the people involved in that research project knew they were involved and consented.”