Apple says Facebook will not be able to distribute an app for iPhones through which it paid users, including teenagers, to extensively track their phone and web use.
After closing door for Facebook’s data collecting app, Apple has not let the social media giant sidestep Apple’s app store and its tighter rules on privacy.
The tech blog TechCrunch reported late Tuesday that Facebook was paying people about USD 20 a month to install and use the Facebook Research app. But Facebook says the data collection is being done with permission. And the company has a history of defining “permission” loosely and obscuring what data it collects.
“I don’t think they make it very clear to users precisely what level of access they were granting when they gave permission,” mobile app security researcher Will Strafach said Wednesday.
“There is simply no way the users understood this.”
He said Facebook’s claim that users understood the scope of data collection was “muddying the waters.”
Facebook clarifies that only 5 percent of the app users are teens and the teens have parental permission. Anyways, the revelation is yet another dark spot on Facebook’s track record on privacy and could invite further regulatory scrutiny.
And it has been only a few weeks after court documents revealed that Facebook allowed children to rack up huge bills on digital games and that it had rejected recommendations for addressing the issue on the fear of hurting revenue growth.
As of now, the app is available for Android phones. But, it is not available on Google’s Play Store.
Google had not given any comment on this.
Apple alleged that Facebook was distributing Facebook Research through an internal-distribution mechanism meant for company employees, not outsiders. Apple has taken away that capability.
As per the TechCrunch, Google was using the same privileged access to Apple’s mobile operating system for a market-research app, Screenwise Meter. However, Google had disabled the app on Apple devices and apologized for its “mistake.”
As per Google, it had always been “upfront with users” about how it used data collected by the app, which offered users points that could be used for gift cards once accumulated.
Unlike Facebook Research app, Google said it’s Screenwise Meter app never asked users to let the company circumvent network encryption, meaning it is far less intrusive.
Facebook is still allowed to distribute apps through Apple’s app store, though such apps are reviewed by Apple ahead of time.
And Apple’s move Wednesday limits Facebook’s ability to test those apps — including core apps such as Facebook and Instagram — before they are released through the app store.
Facebook previously had to pull an app called Onavo Protect out of Apple’s app store owing to stricter requirements.
But Strafach, who dismantled the Facebook Research app on TechCrunch’s behalf, told that the app was mostly Onavo repackaged and rebranded, as the two apps shared about 98 percent of their codes.
As of Wednesday, a disclosure form on Betabound, one of the services that distributed Facebook Research, announced that by installing Facebook Research, they are allowing Facebook to collect a wide range of data.
The data collected by the app includes, information on apps users have installed, when they use them and what they do on them. Along with these data, data is also collected on how other people interact with users and their content within those apps, according to the disclosure.
Betabound also warned that Facebook through the app might have taken information even when the app or web browser is encrypted.
Strafach said digital identities like emails, social media activities, private messages and just about anything else could be intercepted. As per him, the only data safe from snooping are from services, such as Signal and Apple’s iMessage that fully encrypt messages before transmission, a method known as end-to-end encryption.
Strafach, who is CEO of Guardian Mobile Firewall, said he was shocked to be aware that Facebook was caught red-handed violating Apple’s trust.
He said such traffic-capturing tools are only supposed to be used for trusted partners to use internally. Instead, he said Facebook was scooping up and storing all incoming and outgoing data traffic from unaware and misinformed members of the public — in an app geared toward teenagers.
“This is very flagrantly not allowed,” Strafach said. “It’s mind-blowing how defiant Facebook was acting.”
