Sat | Nov 30, 2024

Apple busts Facebook for distributing data-sucking app

Published:Thursday | January 31, 2019 | 12:20 AM
The Facebook app icon is shown on an iPhone.
The Facebook app icon is shown on an iPhone.

Apple says Facebook can no longer distribute an app that paid users, including teenagers, to extensively track their phone and web use.

The tech blog TechCrunch reported late Tuesday that Facebook paid about US$20 a month to use the Facebook Research app. While Facebook says this was done with permission, the company has a history of defining “permission” loosely and obscuring what data it collects.

Facebook says fewer than five per cent of the app’s users were teens and they had parental permission. Nonetheless, the revelation is yet another blemish on Facebook’s track record on privacy and could invite further regulatory scrutiny.

According to TechCrunch, Facebook sidestepped Apple’s app store and its tighter rules on privacy. Apple says Facebook was using a distribution mechanism meant for company employees, not outsiders, so Apple has revoked that capability.

As of Wednesday, a disclosure form on Betabound, one of the services that distributed Facebook Research, informed prospective users that by installing the software, they are letting Facebook collect a range of data. This includes information on apps you have installed, when you use them and what you do on them. Information is also collected on how other people interact with users and their content within those apps, according to the disclosure.

Betabound warned that Facebook may collect information even when an app or web browser uses encryption.

Mobile app security researcher Will Strafach, who studied the app on TechCrunch’s behalf, told The Associated Press that he was aghast to discover Facebook caught red-handed violating Apple’s trust. He said such traffic-capturing tools are only supposed to be for trusted partners to use internally. Instead, he said Facebook was scooping up all incoming and outgoing data traffic from unwitting members of the public – in an app geared towards teenagers.

“This is very flagrantly not allowed,” said Strafach, CEO of Guardian Mobile Firewall. “It’s mind-blowing how defiant Facebook was acting.”

He called “muddying the waters” any attempt by Facebook to claim that users who installed the apps understood the unrestrained scope of the data collection.

“I don’t think they make it very clear to users precisely what level of access they were granting when they gave permission,” Strafach said. “There is simply no way the users understood this.”

AP