Facebook has been paying teenagers nearly $30 a month ($US20) to install software that gives the social media giant “nearly limitless” access to their phone.
The controversial practice was revealed by TechCrunch last week, and has led to Apple banning the app and the company’s access to its developer program.
It’s yet another privacy issue for Facebook, which was recently been embroiled in the Cambridge Analytica scandal that saw up to 87 million users’ personal information shared with a political consulting firm.
The new report revealed that Facebook has been secretly paying users, sometimes teenagers, to take part in a research program that involved them installing the “Facebook Research App”.
Once installed, Facebook was able to access the phone’s network traffic and track data on usage habits.
The project was rolled out through beta testing services like Applause, and advertisements for the scheme did not mention Facebook.
“We have an exciting opportunity and are looking for individuals to participate in a research project,” one of the advertisements read. “The project requires only that participants install an application on their mobile phones; participants then just keep the application installed while doing nothing else differently.”
The research program, which has reportedly been running since 2016, involved Facebook users aged between 13 and 35 receiving $US20 per month and referral bonuses for installing the VPN.
Participants had to give consent and allow the app to access their data, while underage users had to have parental consent. Once they “trusted” the app, it then had “nearly limitless access to data” on the device, including private social media messages, instant messages and photos, security expert Will Strafach told TechCrunch.
“If Facebook makes full use of the level of access they are given by asking users to install the Certificate, they will have the ability to continuously collect the following types of data: private messages in social media apps, chats from instant messaging apps, emails, web searches, web browsing activity, and even ongoing location information…” Strafach said.
The app would have violated Apple’s App Store policies, but was downloaded directly by the user through the Enterprise Developer Program.
An Apple spokesperson said Facebook had misused a program that was meant to allow for the distribution of software only to developers for testing, and that the social media giant had now been banned from this service.
“We designed our Enterprise Developer Program solely for the internal distribution of apps within an organisation,” the Apple spokesperson said.
“Facebook has been using their membership to distribute a data-collecting app to consumers, which is a clear breach of their agreement with Apple.
“Any developer using their enterprise certificates to distribute apps to consumers will have their certificates revoked, which is what we did in this case to protect our users and their data.”
The tracking project was also being run on Android, and neither Facebook or Google have said that they plan to shut it down on these devices.
Facebook has hit back at the criticisms of the tracking project, with a spokesperson saying that “key facts...are being ignored”.
“Despite early reports, there was nothing ‘secret’ about this, it was literally called the Facebook Research App,” the spokerspon said. “It wasn’t ‘spying’ as all of the people who signed up to participate went through a clear onboarding process asking for their permission and were paid to participate.
“Finally, less than five percent of the people who chose to participate in this market research program were teens. All of them with signed parental consent forms.”
The Facebook spokesperson said the purpose of the project was to “identify things we can be doing better”.
“Since this research is aimed at helping Facebook understand how people use their mobile devices, we provided extensive information about the type of data we collect and how they can participate,” they said.
“We don’t share this information with others and people can stop participating at any time.”
It also marks another clash between tech titans Apple and Facebook, with the later previously banning Facebook’s security app for breaching its privacy rules after it collected data about other apps installed on a user’s phone.
Apple recently had its own privacy issue, with revelations that a bug in the group FaceTime feature allowed a user to eavesdrop on another before they had answered the phone.