“We designed our Enterprise Developer Program solely for the internal distribution of apps within an organisation,” Apple said. “Facebook has been using their membership to distribute a data-collecting app to consumers, which is a clear breach of their agreement with Apple.”
TechCrunch broke news of Facebook’s app on Wednesday, reporting that the tool referred to by Facebook as “Project Atlas” had been in use since 2016 on both iOS and Android. In some advertisements for the app displayed on Instagram and Snapchat, teens were targeted to participate in a paid social media research study, and if they tried to sign up were asked to get their parent’s approval through a web form. The app had targeted users between ages 13 and 35.
A security expert commissioned by TechCrunch confirmed that Facebook’s app gave the company near limitless access to data that passed through users’ phones, including chats, photos, emails, web browsing and location. However the expert could not confirm how much of this data Facebook was actually collecting or interested in.
“The fairly technical sounding ‘install our Root Certificate’ step is appalling,” the security expert, Will Strafach, told TechCrunch. “This hands Facebook continuous access to the most sensitive data about you, and most users are going to be unable to reasonably consent to this regardless of any agreement they sign, because there is no good way to articulate just how much power is handed to Facebook when you do this.”
Facebook said in a statement that the nature of the data collecting app was not secret.
“It wasn’t ‘spying’ as all of the people who signed up to participate went through a clear on-boarding process asking for their permission and were paid to participate,” the company said. Facebook added that less than 5 per cent of the users who participated in the research were teens, who signed parental consent forms. But Facebook declined to how say how many young people actually signed up for the app.
Apple’s decision to punish Facebook reflects an intensifying war between the two companies over privacy. The iPhone giant’s chief executive, Tim Cook, has faulted Facebook for its data-collection practices since the revelations in 2018 that it mishandled 87 million users’ personal data in a scandal that since has become the subject of a US federal investigation.
Last year, Cook broadly slammed social-networking companies in a speech for creating a “data industrial complex” that allows those firms to “know you better than you may know yourself.” In the meantime, Cook has called on US Congress to adopt sweeping new limits on how companies collect and monetise consumers’ personal information.
Some US lawmakers sharply rebuked Facebook in response to the reports about its data-tracking app. “Wiretapping teens is not research, and it should never be permissible,” Democratic Senator Richard Blumenthal said in a statement. “This is yet another astonishing example of Facebook’s complete disregard for data privacy and eagerness to engage in anti-competitive behaviour.”
Facebook said it is shutting down the app to Apple customers, and did not respond to questions about if it is still operating the same app for Android users.
Last year, Facebook yanked a data-security app called Onavo from the app store after Apple ruled the app violated its data collection policies. Onavo, which was billed as a virtual private network designed to keep users safe from malicious websites, allowed Facebook to track and analyse users’ activity on their phones, the Wall Street Journal reported, giving the company insight into rival apps and new software offerings.
Strafach, the security expert, found Facebook’s research app contained a significant amount of code from the Onovo app.
The latest privacy-related issue at Facebook comes on the same day the company has reported its quarterly earnings. Ad sales rose 30 per cent to $US16.64 billion ($23 billion) in the fourth quarter, while costs, bolstered by moves to fight misinformation and fallout from data and privacy rows, rose 62 per cent to $US9.09 billion. Total revenue rose to $US16.91 billion, slightly beating analyst estimates.
Washington Post, with staff reporters