Facebook, a social network notorious for privacy violations is at it again as the company was recently found to be paying $20 per month to teens for them to participate in its research. In order to participate users that included teens had to use the Facebook Research VPN app. The company would pay participants in return for sideloading company’s app on their devices.
Since 2016 Facebook has been secretly running its malicious research with users aged 13 to 35 years and used beta testing services like BetaBound, uTest and Applause to recruit participants.
The app would be installed through enterprise certificates, that normally allow companies to install their corporate apps on employee iPhones. Installing Enterprise certificates gives the developer full root access to the device. Getting the app installed in this manner is especially suspicious since installing enterprise certificates on a device also gives Facebook access to user’s sensitive data such as photos, videos, emails, messages, web browsing activity, location information and more.
After the report was published by TechCrunch, Facebook has said that it is ending the controversial market research program and the Facebook Research app would not be available for download on iOS. The social networking giant has also issued the following statement.
Key facts about this market research program are being ignored. Despite early reports, there was nothing ‘secret’ about this; it was literally called the Facebook Research App. It wasn’t ‘spying’ as all of the people who signed up to participate went through a clear on-boarding process asking for their permission and were paid to participate. Finally, less than 5 percent of the people who chose to participate in this market research program were teens, all of them with signed parental consent forms.
After the story came to light, Apple has also revoked the certificate Facebook was using for its Facebook Research app. Apple has also issued the following statement to Recode.
We designed our Enterprise Developer Program solely for the internal distribution of apps within an organization. Facebook has been using their membership to distribute a data-collecting app to consumers, which is a clear breach of their agreement with Apple. Any developer using their enterprise certificates to distribute apps to consumers will have their certificates revoked, which is what we did in this case to protect our users and their data.