Facebook paid teens to install banned app, spy on their data

After Apple banned Facebook's spying VPN, Facebook violated enterprise distribution policies by paying teens to sideload it.

Another week, another jaw-dropping, bomb-shell Facebook privacy violation.

Josh Constantine, writing for TechCrunch:

Desperate for data on its competitors, Facebook has been secretly paying people to install a "Facebook Research" VPN that lets the company suck in all of a user's phone and web activity, similar to Facebook's Onavo Protect app that Apple banned in June and that was removed in August. Facebook sidesteps the App Store and rewards teenagers and adults to download the Research app and give it root access to network traffic in what may be a violation of Apple policy so the social network can decrypt and analyze their phone activity, a TechCrunch investigation confirms.

Facebook was, initially, it's usual defensive, deflective self. Then:

After this story was published, Facebook later told TechCrunch it will shut down the iOS version of its Research app in the wake of our report.

Apple has already retaliated:

"We designed our Enterprise Developer Program solely for the internal distribution of apps within an organization," said a spokesperson. "Facebook has been using their membership to distribute a data-collecting app to consumers, which is a clear breach of their agreement with Apple. Any developer using their enterprise certificates to distribute apps to consumers will have their certificates revoked, which is what we did in this case to protect our users and their data."

It's a proportional response, though the internet is filled with people angry enough to demand Apple ban all the Facebook apps from the App Store as well now. (Though Facebook is a web service, so unless Apple blacklists their domains at the root level, Safari would serve just as easily as a gateway on mobile as it does on the desktop.)

Security researcher Will Strafach has been digging through the misdeeds on Twitter.

they didn't even bother to change the function names, the selector names, or even the "ONV" class prefix. it's literally all just Onavo code with a different UI. pic.twitter.com/ruqH69pUfq

— Will Strafach (@chronic) January 29, 2019

While this is egregious on its own, taken together with Facebook's numerous other violations, it shows a pattern of behavior so anti-user and anti-social that it's beyond obvious they can't and won't self-regulate.

The U.S. and EU regulators need to intervene.

from iMore - The #1 iPhone, iPad, and iPod touch blog http://bit.ly/2DHC3IL