Facebook is no stranger to data privacy scandals. Last year, it was revealed that the data of over 87 million Facebook users was accessed by third-parties, for which the company received a lot of flak. Now, a new report has emerged claiming that Facebook paid people - including teenagers - on a monthly basis in order to mine their device data.
The disturbing revelation was made by TechCrunch, which extensively detailed how Facebook was paying people aged 13-35 up to $20 per month so that their devices could be mined. The report claims that this data was gathered using a "Facebook Research" VPN - for Android and iOS - that could be downloaded through beta testing services and Apple's Enterprise Developer Program rather than the respective mobile platform's app stores - where this app probably wouldn't have been allowed. The app in question gave access to the user's network traffic, which the firm utilized to "gather data on usage habits".
The project has been referred to as "Project Atlas" in some documentation, and while it's currently unclear how much data Facebook actually mined and utilized, security researchers have noted that the app gave "nearly limitless" access to the device on which it had been downloaded on. Data that could be potentially mined includes private messages - as well as photos/videos sent to others in social media apps, chats, location information, and web browsing activities. In some cases, the app also encouraged people to submit screenshots of their Amazon order history page.
It is quite interesting how Facebook purposely avoided Google and Apple's beta flight programs, since those would have subjected the application to a review process, in which it would most likely have been disqualified. Applause was one of the beta app distribution service that it used, stating that:
By installing the software, you’re giving our client permission to collect data from your phone that will help them understand how you browse the internet, and how you use the features in the apps you’ve installed . . . This means you’re letting our client collect information such as which apps are on your phone, how and when you use them, data about your activities and content within those apps, as well as how other people interact with you or your content within those apps. You are also letting our client collect information about your internet browsing activity (including the websites you visit and data that is exchanged between your device and those websites) and your use of other online services. There are some instances when our client will collect this information even where the app uses encryption, or from within secure browser sessions.
Another distribution service BetaBound also stated that only users in the US were allowed to download the application, and that they would be paid $20 per month. They would also get an additional $20 for referring the program to a friend.
When TechCrunch reached out to Facebook for a statement, a spokesperson had the following to say:
Like many companies, we invite people to participate in research that helps us identify things we can be doing better. Since this research is aimed at helping Facebook understand how people use their mobile devices, we’ve provided extensive information about the type of data we collect and how they can participate. We don’t share this information with others and people can stop participating at any time.
[...] Key facts about this market research program are being ignored. Despite early reports, there was nothing ‘secret’ about this; it was literally called the Facebook Research App. It wasn't ‘spying’ as all of the people who signed up to participate went through a clear on-boarding process asking for their permission and were paid to participate. Finally, less than 5 percent of the people who chose to participate in this market research program were teens. All of them with signed parental consent forms.
Despite its initial defensive stance, it appears that faced with facts and backlash, Facebook has started backtracking, announcing that it is shutting down the iOS version of Project Atlas. However, no such claim has been made regarding the Android version of the application. It will be quite interesting to see how Facebook defends this new controversy, given the shady tactics it employed in order to get the app into the hands of as many customers as it could, even minors.
Source and image: TechCrunch