Facebook has paid individuals, some as young as 13, to install a virtual private network (VPN) that allows them to track their interactions on their mobile phone and on the web.
Facebook has confirmed that it is actually collecting data through this service.
Facebook Research offered users aged 13 to 35 to voluntarily provide their data in return for a monthly compensation of up to $20.
Any information transiting on the Internet
The Facebook Research application allowed the social network to access any information sent or received over the Internet on the phones on which it was installed. This means that text, photos, videos and any data received or sent by any application on the phones were accessible to Facebook.
To achieve this, the application used a VPN, which made all data pass through Facebook servers.
The App Store prohibits an application from collecting data on other applications installed on a phone for advertising or analysis purposes. To circumvent this rule, Facebook proposed to install Research using a “company developer certificate,” a feature of Apple phones that allow businesses to use apps for their employees without using the App Store .
The social network claims that only 5% of Research users were underage, and that all had provided signed parental consent. The company also indicates that all users were informed of the nature of the data collected.
Facebook now plans to close the application, while claiming to have nothing to reproach itself. The social network also claims that Facebook Research was not a clone of Onavo and was not intended to replace this application. Research actually coexisted with Onavo from 2016 to 2018 on Android, but was launched on iOS only after the withdrawal of Onavo in the summer of 2018.
Will Strafach, the developer of a cybersecurity application for iOS, however, commented on Twitter (New Window) that the code of Facebook Research contained many references to Onavo.
With information from TechCrunch and The Guardian