Early last year, a report from TechCrunch revealed that Facebook had been trying to promote its VPN client which actually tracked and gathered information about the user. The app was later removed from Apple’s App Store. However a new report from TechCrunch has revealed that Facebook is trying again, this time by paying users to install a VPN app called “Facebook Research”.
In a way this is similar to the Onavo Protect app that was removed last year, but this time Facebook is paying users to install it. The company is said to have been paying users aged 13-35 $20 a month including referral fees to install the app on their phones. As with the previous app, this app also collects data on users but is more explicit about it. In fact there are instances where the app asked users to send screenshots of their Amazon order history page.
To be fair in this instance, Facebook is paying users for their data which means that users need to consent. Although whether or not these users are aware of how much data and what kind of data is being gathered is unclear, but it does seem like it has the potential to collect some pretty sensitive information.
TechCrunch spoke to Guardian Mobile Firewall’s security expert Will Strafach to dig into the app, in which he said, “If Facebook makes full use of the level of access they are given by asking users to install the Certificate, they will have the ability to continuously collect the following types of data: private messages in social media apps, chats from in instant messaging apps – including photos/videos sent to others, emails, web searches, web browsing activity, and even ongoing location information by tapping into the feeds of any location tracking apps you may have installed.”
Facebook has since stated that they will be removing the app from Apple’s App Store, but it will continue to remain on Android. The company also released a statement to The Verge saying:
“Key facts about this market research program are being ignored. Despite early reports, there was nothing ‘secret’ about this; it was literally called the Facebook Research App. It wasn’t ‘spying’ as all of the people who signed up to participate went through a clear on-boarding process asking for their permission and were paid to participate. Finally, less than 5 percent of the people who chose to participate in this market research program were teens. All of them with signed parental consent forms.”