Facebook Paying Teens $20/Month to Install Data Harvesting VPN App on iPhones

Discussion in 'MacRumors.com News Discussion' started by MacRumors, Jan 29, 2019.

  1. MacRumors macrumors bot


    Apr 12, 2001

    Apple in August 2018 forced Facebook to remove its Onavo VPN app from the App Store, because Facebook was using it to track user activity and data across multiple apps, something that violate's Apple's App Store policies.

    As it turns out, Facebook has found an underhanded way to skirt Apple's rules and get people to continue installing its VPN -- paying them.


    TechCrunch this afternoon exposed Facebook's "Project Atlas" program, in which Facebook paid people -- adults and teenagers -- to install a "Facebook Research" VPN that is similar to the Onavo VPN app.

    As of 2016, Facebook has been secretly offering people aged 13 to 35 up to $20 per month along with referral fees to sideload the Facebook Research app using an enterprise certificate on iPhone. Enterprise certificates like this are designed to allow companies to distribute internal corporate apps and give full root access to a device.

    To hide its involvement, Facebook has been using beta testing services like Applause, BetaBound and uTest to recruit participants to install Facebook Research.

    By getting people to sideload an app this way through an enterprise certificate, Facebook has access to data that includes private messages in social media apps, chats from instant messaging apps (including photos and videos), emails, web searches, web browsing activity, and ongoing location information. It's not clear if Facebook is accessing this data, but it could, according to security researcher Will Strafach, who TechCrunch consulted for this piece.
    The terms of service for the Facebook Research app suggest Facebook was collecting information about the smartphone apps on a participant's phone and how and when those apps are used. Facebook also said it would collect data about activities and content within the apps, and information about internet browsing history. There's even a line suggesting Facebook collects data even when an app uses encryption or from within a secure browser session.

    Facebook confirmed the program in a statement provided to TechCrunch and reportedly said that the Facebook Research app was "in line with Apple's Enterprise Certificate program," though that does not seem to be the case based on Apple's Enterprise Certificate policy.
    Apple has been made aware of the issue, but declined to provide a comment to TechCrunch. It's not clear how the Cupertino company will handle the situation, but as TechCrunch points out, Apple CEO Tim Cook has been highly critical of Facebook and its privacy violations. Apple could potentially block the Facebook Research app or revoke Facebook's permission to distribute internal apps entirely.

    Full details on Facebook's spying app can be found in TechCrunch's exposé.

    Article Link: Facebook Paying Teens $20/Month to Install Data Harvesting VPN App on iPhones
  2. farewelwilliams macrumors 68020

    Jun 18, 2014
    facebook should be paying me $20/month to use Facebook at all for the amount of $$$ they made off of my data.
  3. PotatoLeekSoup macrumors regular

    May 10, 2015
  4. brendu macrumors 68020

    Apr 23, 2009
    What moron sells all their personal data for at most $20/month. Good lord people are dumb.
  5. cashville2400 macrumors regular


    Nov 29, 2011
    I am sick of these companies and all this garbage they are pulling! Especially, Facebook.
  6. Robert.Walter macrumors 65816

    Jul 10, 2012
    Call me crazy but this sounds like fraud or misrepresentation in the service of user spying or surveillance.
  7. HiVolt macrumors 6502a


    Sep 29, 2008
    Toronto, Canada
    Wow, when will people realize how truly evil Facebook really is.

    Apple should make an example of them and ban their app, at least temporarily.
  8. synergize macrumors regular

    Jul 12, 2010
    Zuckerberg is evil.
  9. macfacts macrumors 68040


    Oct 7, 2012
  10. Zenithal macrumors G3

    Sep 10, 2009
    A moron who's smart enough to reactivate an old iPhone as a "burner" on a cheap prepaid plan and fill it with useless data and pocket $20/month. I think TMO has a very cheap $3-5 prepaid plan. And because iPhones use iMessage, you won't lose out on the limited text amount or minutes. Netting $15 a month may not seem much, but when you're doing it and screwing over Facebook by submitted dud data, then it's somewhat clever. $180/year for doing practically nothing isn't bad.
  11. sfwalter macrumors 68000


    Jan 6, 2004
    Dallas Texas
    I saw in the TechCrunch article that some folks were sending Facebook screenshots of their Amazon orders. Who in their right mind asks for that and who is willing to give that up.
  12. AngerDanger macrumors 601


    Dec 9, 2008
    Mark, Mark, Mark, Mark, Mark. Do you even know what the "P" in VPN stands for? Private. You've made a data-harvesting virtual private network. That doesn't compute!

  13. palmerc2 macrumors 68000


    Feb 29, 2008
    Los Angeles
    Woooooow. So glad I stopped using that crap years ago. I recall reading Facebook could get all your browsing history just by having a tab open....insanity.

  14. jtara, Jan 29, 2019
    Last edited: Jan 29, 2019

    jtara macrumors 68000

    Mar 23, 2009
    It doesn't seem in compliance with the Enterprise Agreement. It is pretty specific.

    I looked into the Enterprise Program a while back, for applications used to aid in performing a kind of assessment/certification on homes and commercial buildings. Because the persons doing the assessments were not direct employees of the organization doing the assessments, it was determined it was not eligible for the Enterprise Program. They might be employees, for example, of a partner company, a partner public agency, an independent assessor, etc.

    So, the apps were published in the App Store, and homeowners and business owners (or just the curious) were able to perform their own assessments if they wished, but would not be able to get certain reports, or an official government-issued or other similar certificate. (A per-assessment fee was paid by assessors for official certificates and advanced reports.)

    It is an EXTREME stretch that an app deployed to Facebook users would be considered a legitimate usage of the Enterprise Developer Program. We could not even get clearance to deploy to e.g. subcontractors. It was our understanding that deploying an Enterprise app for use by subcontractors, partners, etc. was verbotten.

    It is important to note that Apple does not approve or disapprove apps published in Enterprise stores. But there are still rules - one being that is basically for internal use by your employees - it's just that Apple would have to somehow discover a violation.

    Because Apple does not approve/disapprove Enterprise Store apps, they are able to perform functions that would not be approved in the App Store. For example, they can call private frameworks, they do not have to adhere to content policies, etc.

    I will add that our reason for wanting to release through the Enterprise Program was that the apps had a very specific use and were meant to be used by professional assessors. And, yes, there was a fee involved, which in most cases only HELPED pay the costs. They decided it wasn't worth the fight, and they could spin the public availably of the app as an opportunity for public enlightenment.

    I have also worked on an Enterprise app that has been distributed through an Enterprise store, and is very much inline with the intent of the program. It's used by field service technicians.


    Purpose Your company, organization or educational institution would like to use the Apple Software (as defined below) to develop one or more Internal Use Applications (as defined below) for Applebranded products running iOS, watchOS, tvOS, and/or macOS, and to deploy these Applications only for internal use within Your company, organization or educational institution or for limited use as expressly set forth herein. Apple is willing to grant You a limited license to use the Apple Software to develop and test Your Internal Use Applications, and to deploy such Applications internally and as otherwise permitted herein on the terms and conditions set forth in this Agreement. You may also create Passes (as defined below) for use on Apple-branded products running iOS or watchOS under this Agreement. Internal Use Applications developed for macOS can be distributed under this Agreement using an Apple Certificate or may be separately distributed. Note: This Program is for internal use, custom applications that are developed by You for Your specific business purposes and only for use by Your employees and, in limited cases, by certain other parties as set forth herein. If You want to distribute applications for iOS, watchOS, or tvOS to third parties or obtain an application from a third party, then You must use the App Store or Custom App Distribution for distribution
  15. Rogifan macrumors Core


    Nov 14, 2011
    Facebook is evil. Time for Apple to kick them off the App Store until they knock it off.
  16. Analog Kid macrumors 601

    Analog Kid

    Mar 4, 2003
    Creepy AF

    Can we all just agree now that Facebook is an unrepentant voyeur?
  17. brofkand macrumors 6502

    Jun 11, 2006
    A lot of people give it away for free to Google, Facebook, basically all these companies. They put cookies all over the web tracking everything you do unless you proactively block it.
  18. Kabeyun macrumors 68020


    Mar 27, 2004
    Eastern USA
    There is no end to the arrogant scumbagginess of Zuck and his cadre of arrogant scumbags.

    It’s such a sad testament to the collective apathy of the public that continues to use this arrogant scumbag’s platform.
  19. TracesOfArsenic macrumors regular


    Feb 22, 2018
  20. definitive macrumors 68000


    Aug 4, 2008
    welcome to the world of social media. they all try to harvest data as much as they can without stepping on people's toes, because that's one of the biggest ways they can make money.

    it's baked into ios. it would take some major backlash and constant mention by the media for them to do something about facebook. same with twitter.
  21. brendu macrumors 68020

    Apr 23, 2009
    You are either giving them your actual data or you’re working too hard to justify $20/month.
  22. brofkand macrumors 6502

    Jun 11, 2006
    Their app doesn't violate Apple's TOS. This isn't an app, though I guess Apple could revoke the certificate they are using for this program. If they use the same cert as their main apps, oh well. Should have thought about that first, Zuckerberg.
  23. C DM macrumors Sandy Bridge

    Oct 17, 2011
    So if the information about this is provided about the user and the user knows what he/she is in for by installing and using this, then it seems it's the user that is making a decision to do it knowing what that entails.
  24. Zenithal macrumors G3

    Sep 10, 2009
    You're over-estimating how difficult it is to generate garbage data. For younger people, this is alright pocket change. Should be a case of cheap beer; a boon for college students.

Share This Page

138 January 29, 2019