Apple revokes Facebook iPhone access after data sale scandal
31 January 2019
Facebook has been paying users as young as 13 for access to their personal data in another effort to monitor social trends and capitalise on them, according to a report on TechCrunch.
The social network has been paying volunteers money each month to install an app on their phone called Facebook Research. This application watches and records activity and actions on a phone and sends that information back to Facebook.
The app offers people between the ages of 13 and 25 up to $20 per month for almost complete access to their phone’s data. Specifically, the app installs a custom root certificate which grants Facebook the direct ability to see users’ private messages, e-mails, Web searches, and browsing activity, while also asking users to take screenshots of their Amazon order history and send them back to Facebook for review.
Facebook was originally collecting some of this data through Onavo Protect, a VPN service that it acquired back in 2013. It is suggested that the data Facebook collected through these methods helped it to spot current or future competitors, which it could then acquire or clone.
The Facebook Research app was removed from the App Store about six months ago after Apple complained about it violating its guidelines on data collection.
Apple has revoked a developer license from the social media giant, effectively shutting down any iOS apps that haven’t already been approved for the App Store.
Without the developer certificate, Facebook’s internal iOS apps, which likely include beta versions of its consumer apps as well as company-specific resources, will no longer work. Apple hasn’t indicated whether this is a temporary ban or how it will monitor Facebook’s activities in the future.
Facebook and Apple are two of the biggest companies in the world, but they need each other to survive. If this fight ever reached the point where Apple removed Facebook from the App Store, both companies would feel the effects, so there’s a certain amount of gamesmanship being played here. However, Apple’s reputation is far more at risk than Facebook’s at this point, so this likely amounts to the final warning.
Research without development
While the merits of the programme can be debated, the method of delivery cannot. Apple clearly states that participants in its Enterprise Developer Program cannot distribute apps outside of the company: “We designed our Enterprise Developer Program solely for the internal distribution of apps within an organisation,” an Apple spokesperson said. “Facebook has been using their membership to distribute a data-collecting app to consumers, which is a clear breach of their agreement with Apple. Any developer using their enterprise certificates to distribute apps to consumers will have their certificates revoked, which is what we did in this case to protect our users and their data.”
To circumvent Apple’s sandbox, Facebook used beta testing services other than Apple’s own TestFlight, including Applause, BetaBound, and uTest to hide the app’s true identity. The app’s primary function is similar to the Onavo VPN that Apple removed from the App Store in August for heavy-handed data gathering.
But Facebook isn’t the only company using iPhone users to collect data. A follow-up report from TechCrunch claims that Google is running a similar program using an app called Screenwise Meter that also uses the Enterprise Developer Program to surreptitiously collect data from iPhone users. TechCrunch says the app has been running since 2012 and, like Facebook Research, also offers payment in exchange for data sharing. Google quickly issued a statement apologising for the app and calling it ‘a mistake’ while also saying it had been disabled. Apple has not yet publicly responded to the report.
A hard slap on the wrist
But while Apple is certainly playing hardball, it’s also giving Facebook something of a pass. While revocation of the license will cause a temporary headache for Facebook and its employees, Apple will still allow Facebook to distribute its apps through the App Store. It also isn’t addressing the root of the issue, which is that Facebook was able to run its Research App undetected for more than two years despite Apple’s claims that “What happens on your iPhone stays on your iPhone”. It’s basically a firm slap on the wrist.
For its part, Facebook admits to running the app, but is challenging the media’s assessment of the story. In a statement, the social media giant said “there was nothing ‘secret’ about the app” and participants “went through a clear on-boarding process asking for their (or their parents’) permission and were paid to participate”. Facebook says it shut down the app on iOS of its own accord, though it still continues to operate on Android phones.
But as far as Apple is concerned, the case is cut and dried: Facebook violated its terms of service in a big way. Not only does the app skip Apple’s review process, but it also collects a staggering amount of data. To get its hands on such a treasure trove, Facebook Research required the installation of a new profile on the user’s iPhone as well as root certificate access, which could open up the iPhone to malware in addition to the open portal to Facebook.
IDG News Service