TechCrunch reports that since 2016, the company distributed its data-sucking VPN in the form of a Facebook Research app for both Android and iOS. Beta recruitment sites like Applause, BetaBound and uTest were told to target users aged 13 to 35 to join — the teenage demographic seems particularly valuable for Facebook as young adults have flocked out of the platform for others. The effort was dubbed “Project Atlas” sometime last year.
Users would have all phone and internet usage tracked — private messages, web searches, geolocation, encrypted sessions and all — and sent to Facebook, unencrypted, for analysis. The company would require some users to occasionally screenshot their Amazon order history. In turn, they would be compensated up to $20 per month.
The Research app was sent along with an Enterprise Certificate that would allow the app to be installed outside of the App Store. Facebook told TechCrunch yesterday that it would voluntarily shut the app down today, saying that it has been operating within Apple’s policy.
But Apple pre-empted that move last night by revoking Facebook’s Enterprise Certificate, saying in a statement:
We designed our Enterprise Developer Program solely for the internal distribution of apps within an organization. Facebook has been using their membership to distribute a data-collecting app to consumers, which is a clear breach of their agreement with Apple. Any developer using their enterprise certificates to distribute apps to consumers will have their certificates revoked, which is what we did in this case to protect our users and their data.
The move will seemingly impact employees of Facebook properties who are, among other things, testing pre-release builds on apps like Instagram and WhatsApp. A source claims those apps are still working, at least for the moment.
Facebook issued a follow-up statement today, saying that the program was not at all “secret,” that the terms were made clear to participants before they agreed to participate in the project and that less than 5 percent of all participants were under 18 — the teens had to turn in parental consent forms. But the company seems to be deflecting away from the issue at hand: that it was willing to obtain as much rich data as possible and at any cost, even if it means circumventing the rules of the platforms they occupy.
As far as we know, the Android version of the Research app remains active.