Facebook has secretly launched a service similar to Onavo Protect, its vampire pseudo-VPN designed to protect users' privacy, but actually collects and analyzes their data. This time it's worse ̵
According to a Tuesday report on TechCrunch, Facebook has used at least three companies Target group is the service, which was originally referred to as "Facebook Research" at its inception in 2016. Target audience, however, had been calling it "Project Atlas" since at least mid-2018 when it was building against Onavo in the tech community, and Facebook pulled Onavo out of the App Store after Apple claimed it violated data collection rules, TechCrunch wrote.
The app requests permissions that would allow the company to absorb just about all the data of an iOS or Android device, from private messages and photos to web browsing habits. In return, Facebook offered subscribers small payments ($ 20 per month in the form of gift cards and more for referrals) to run the service on their devices and occasionally supplement the data by, for example, taking screenshots of their Amazon order history  TechCrunch said Facebook is partnering with Instagram, Snapchat, and other affiliate beta testing services, Applause, BetaBound, and uTest, to promote affiliates. Users under the age of 18 were apparently asked to submit parental consent.
Some advertisements invited people aged 13 to 17 to participate in a "paid social media research study" while others advertised for users. "Age: 13-35 (parental consent required for parents between the ages of 13 and 17)." Facebook seems to have taken steps to hide the fact that they are behind the program, and TechCrunch reports that some login procedures only mention its name in installation instructions
According to TechCrunch, iOS subscribers are asked to download the app with an Apple Enterprise Developer certificate, which is likely to violate Apple's rules:
Facebook appears to be aware of Apple's official beta testing system, TestFlight Instead, the manual shows that users download the app from r.facebook-program.com and are asked to install an Enterprise Developer Certificate and VPN and Facebook with "root" access trust the data transmitted by the phone, Apple requires developers to provide this certificate Use the system only to distribute internal enterprise applications to their own employees. Accidental recruitment of testers and paying a monthly fee seem to violate the spirit of this rule.
"When Facebook takes full advantage of its access credentials by asking users to install the certificate, they can work continuously Collect the following data types: private messages in social media apps, instant chats – Messaging apps – including photos / videos sent to third parties, emails, web searches, web browsing activities, and even up-to-date location information – by accessing the feeds of any email location tracking apps "You may have installed it," Security Guardian Will Strafach of Guardian Mobile Firewall told TechCrunch.
"The rather technical-sounding" install root certificate "step is frightening," Strafach added. "… There's no good way around expressing how much power Facebook is transmitting. "
Applause's website contained a language stating that Facebook's D They are very intense, to put it mildly, TechCrunch wrote.
Applause wrote that the installation of the Research App allows its customers to "collect information, such as what apps are on your phone, how and when you use them, data about your activities and content in those apps How other people within these apps interact with you or your content. "And" About Your Internet Browsing Activity. "In some cases, Applause collects data even when the app is encrypted or from within secure browser sessions . "
Strack told TechCrunch that the Re The search app appears to be a "poorly renamed build of the banned Onavo app" as it uses much of the same code like O contains navo, sends data to Onavo-connected IP addresses, and contains numerous sections of code that appear to have been lifted directly from Onavo. He acknowledged, however, that it's impossible to tell what Facebook is actually downloading from outside the company.
Facebook did not immediately respond to a request from Gizmodo, but told TechCrunch that the research app did not violate Apple's policy (without going into details). The site was also told that the similarities between Onavo and the newer app are that both were created by the same team, that the program was compared to a Nielsen-like focus group and had no plans to quit.
It's clear why Facebook is pushing an onavo clone. An article in the Wall Street Journal 2017 described in detail that Onavo's data acquired in 2013 was critical in all product design decisions until 2014's acquisition of WhatsApp by Facebook. Likewise, it's clear why Facebook wants to monitor the privacy of teenagers, as reports indicate that they are leaving the platform in large numbers, and have more to do with their daughter Instagram and competitors like YouTube and Snapchat. (This is really really scary, yes, it's about Facebook.)
However, if Apple decides they're done with Facebook, it may require that they no longer distribute the research app or even withdraw their company certificates – and start another PR fight that Facebook can afford badly. The reputation of the social media giants has recently suffered from scandals that include everything from reckless data sharing with third parties to distributing critics to alleged accomplices of the genocide. However, if you start not to trust them, CEO Mark Zuckerberg will gladly explain that you are just at a loss.