Facebook Is Paying Teens to Install Spyware VPN App

The year may be 2019, but Facebook's troubles with privacy are far from over. In a fresh exposé by TechCrunch's Josh Constine, it has emerged that the social networking giant is running a secret research program (dubbed Project Atlas — not to be confused with the company's ad tool of the same name that it shuttered in 2016) for the past three years with an aim to collect user data from paid volunteers (aged between 13 to 35) by extensively monitoring their phone and web activity and sending it back to Facebook.


"Like many companies, we invite people to participate in research that helps us identify things we can be doing better," said Facebook, responding to the latest revelations. "Since this research is aimed at helping Facebook understand how people use their mobile devices, we've provided extensive information about the type of data we collect and how they can participate. We don't share this information with others and people can stop participating at any time," it added.

It may be noted that the company was caught exactly doing the same thing through Onavo Protect, a VPN app it acquired in 2013, using the data collected to successfully identify competitors and then acquiring (WhatsApp) or cloning them (Snapchat). Facebook removed the app from App Store after Apple complained that it violated the platform's data collection guidelines, but it continues to be still available on Google Play Store.

The new Research VPN app, however, cleverly avoids mentioning Facebook by name (it doesn't even so much as have an icon) and is distributed via beta testing services like Applause, BetaBound and uTest, once again indicating how far the company is willing to go to amass user information (by baiting users with money and gifts cards) and protect its dominance, even if it means circumventing Android and iOS app stores by sneakily branding the initiative as a "social media paid research project" and asking users to side-load the app by abusing Apple's Developer Enterprise Program that allows enrolled companies to internally distribute corporate apps to employees without having to publish them on the App Store.

uTest's link to signing up for the so-called "Social Media Paid Research Project"

"To earn the most amount of money, refer as many individuals as possible (the earlier, the more money you make!) and make sure they keep the application installed! Payment for referrals are paid out monthly for this project, and there is no limit to the number of referrals you can submit!! A participant who provides even just 5 referrals that join the project in April can earn up to $700 this year, doing nothing but keeping the research app installed!!," goes the description, suggesting that people sell their privacy for quick money.

For a company that has repeatedly failed to adhere to principles of transparency and trust, the data grab, irrespective of whether consent was involved or otherwise, is a classic case of privacy control paradox and our "worth" determined by the volume of data we generate, where everything we do online, from buying stuff on Amazon to sharing posts on Instagram to watching a TV show on Netflix, is reduced to a data point, in turn slotting our behaviour into mere patterns for Silicon Valley giants to sift through. The result? A new digital reality where we end up being dictated by the very technology we created in the first place.

Update 1: Facebook has said that it will end the controversial market research program that violated Apple App Store guidelines to harvest user data from volunteers' phones in exchange for US$ 20 a month, merely hours after defending its intentions behind the app. "Facebook is shutting down its iOS Research app after we exposed its policy problems and sparked criticism from all of you. Thanks for spreading the word!," tweeted Constine. As it stands, the Android app will continue to be available.

Update 2: Apple has jumped in and blocked Facebook's Research VPN app before the social network could voluntarily shut it down, TechCrunch reports, adding it "revoked the Enterprise Certificate that allows Facebook to distribute the Research app without going through the App Store." This is what Apple had to say: "We designed our Enterprise Developer Program solely for the internal distribution of apps within an organization. Facebook has been using their membership to distribute a data-collecting app to consumers, which is a clear breach of their agreement with Apple. Any developer using their enterprise certificates to distribute apps to consumers will have their certificates revoked, which is what we did in this case to protect our users and their data."

What's more, the developer certificate revocation has effectively crippled Facebook's internal app distribution mechanism, according to The Verge and Business Insider, as it so happens that test versions of Facebook's iOS app, as well as Workplace Chat, Instagram and Messenger all relied on the same certificate for authentication. Facebook has said it's "working closely" with Apple to reinstate access to internal apps.

Comments