We already knew Facebook is thirsty for any drop of data it can squeeze from its users, but a new report shows just how many rules they’re willing to break to get it. Their incredibly invasive app even targets minors.
In mid 2018, Facebook’s Onavo VPN app was skewered by critics for being nothing more than spyware in disguise. The social media giant was using the free VPN to collect extensive data on users and to monitor their rivals. After all of this was discovered, Apple booted the app from their app store.
However, a report by TechCrunch has revealed that Facebook has been using a very similar app called Facebook Research that goes even further. The app pays users $20 in e-gift cards to install it and grant it root certificate access, which means it can monitor virtually anything the user does online. It targets a variety of demographics, but one of the main targets are children ages 13-17.
If it’s not obvious why this is a problem, let us explain:
- They are exposing users to unnecessary risks. The root certificate grants Facebook’s app the right to monitor almost anything the device does online – not just on Facebook or its apps. This unprecedented level of access can expose users to extraordinary risks. What if a rogue Facebook employee accesses the system collecting people’s data? What if hackers access the system?
- They are invading your privacy on a whole new level. Root certificate access grants them unprecedented new opportunities to invade your private life. They can read your messages on other apps. They can view any files you send, whether or not you want them to be seen. They can see what your camera sends and listen to your microphone broadcasts. They can listen to calls. They can watch everything you do when using apps online. Do you trust anyone with that type of access to your phone?
- They’re taking advantage of uninformed users. Facebook founder Mark Zuckerberg was accused of being tone-deaf during his annual speech, but this project is even worse. In the wake of the many privacy scandals Facebook caused in 2018, they should be taking a step back to evaluate how much they intrude into people’s lives. Instead, we can see that they’ve ignored the public outcry by continuing to develop this invasive program.
- They are targeting kids. $20 will seem like a lot to many children ages 13-17 still dependent on their parents. So will the referral bonuses they get for involving their friends. These children may not yet understand how much of their privacy they’re giving up and what sort of risks they’re exposing themselves to. Fortunately, children are required to present parental consent forms to participate, but it’s possible that some will have lied about their age to make some pocket money from themselves.
- They are ignoring rules made to keep you safe. Facebook’s initial attempts were partially thwarted when Apple threw their free VPN, Onavo, out of the app store. Apple did this because the app violated its rules designed to keep users safe and private. This time, Facebook is simply asking users to side-load the app and bypass the store altogether.
- They are behaving unethically. Facebook is paying users and demanding dangerous root certificate access in part to spy on their competitors. This is ethically questionable as it is, but it’s also ethically questionable to recruit users and violate their security and privacy to do so.
- They have been trying to hide their actions. Users only discover that the app is run by Facebook once they’re signing up. Until then, it is referred to as Project Atlas. This may have helped the program evade the public eye for quite some time.
After TechCrunch published their damning report, Facebook has deactivated its iOS Facebook Research app, but there’s no word on when or if the Android version will be deactivated.
It’s clear that Facebook learned the wrong lesson from a year filled with privacy scandals. Instead of reducing their invasiveness and respecting users’ privacy, they are dialing up their monitoring powers to make even more money.
If you have agreed to use Facebook Research, we suggest discontinuing use and removing it. Ask if your children are using it, and if they are, remove it (and give them $20 so they don’t need to sign up for any sketchy apps).
As Facebook continues to ignore public concerns about privacy, it may also be worth reconsidering the social media service’s role in your own life.
Lastly, remember – if an app is free, it’s probably making money off of you. If it’s paying you to use it, you’re definitely giving up something important!
For more cybersecurity tips, tricks and analysis, subscribe to our monthly blog newsletter below!