Apple blocked Facebook’s Research VPN app yesterday. Apple acted before the social media network could respond by shutting it down by themselves.
The Research app has caused recent controversy, which was sparked by TechCrunch’s investigation. The app asked users for root access to all the data on their phone in exchange for $20 a month. Facebook states that this was all done entirely with permission.
TechCrunch reported that Facebook had been able to release the app in Apple’s store despite its stricter rulers on privacy. Apple stated that they “revoked the Enterprise Certificate that allows Facebook to distribute the Research app without going through the App Store.” The Enterprise System was intended to be used only to distribute internal corporate apps to employees, and never to paid external testers.
TechCrunch’s investigation revealed that the Research app had been on the market for iOS and Android phones since 2016, operating under the name Project Atlas. Through ads on Instagram and Snapchat, Facebook recruited 13 to 35 years to download the Research app. This app included a VPN which directed traffic to Facebook. It also asked users to “Trust” the company with root network access to the phone, which allowed the social network to see the user’s web browsing history, which apps the users downloaded and how they are used, and even could decrypt their encrypted traffic.
The users, 5% of which were teenagers, were also asked to screenshot and send in their Amazon order history. All of this data collected would then be used by Facebook to track competitors and trends and plan for its future.
Apple released this statement:
“We designed our Enterprise Developer Program solely for the internal distribution of apps within an organization. Facebook has been using their membership to distribute a data-collecting app to consumers, which is a clear breach of their agreement with Apple. Any developer using their enterprise certificates to distribute apps to consumers will have their certificates revoked, which is what we did in this case to protect our users and their data.”
Within seven hours of Apple releasing the statement, a Facebook spokesperson stated that they would voluntarily take down the Research app from iOS, without acknowledging that Apple was forcing it to do so.
Facebook released this statement:
“Key facts about this market research program are being ignored. Despite early reports, there was nothing ‘secret’ about this; it was literally called the Facebook Research App. It wasn’t ‘spying’ as all of the people who signed up to participate went through a clear on-boarding process asking for their permission and were paid to participate. Finally, less than 5 percent of the people who chose to participate in this market research program were teens. All of them with signed parental consent forms.”