Facebook Pays Teens to Download a VPN App That Spies on Them

In an attempt to gather data on its competitors, Facebook has been secretly paying people to install a VPN to their phones. The ‘Facebook Research app’ VPN is similar to the Onavo Protect app that was banned by Apple in June and removed in August.

Sideloading

Facebook has been asking teenagers and adults to sidestep the App store and download the Research app. They are also asking users to give the app root access to network traffic. This may be a violation of Apple policy so Facebook can decrypt and analyze phone activity.

Paying Users

Facebook has been paying users 13 to 35 years old, up to $20 per month to sell their data. The Research app has been running since 2016, for Android and iOS users. The social network has even been asking users to take a screenshot of their Amazon order history page.

Project Atlas

The program is administered by beta testing services Applause, BetaBound and uTest. This cloaks Facebook’s involvement and is referred to as Project Atlas.

A security expert analyzed the Research app and found a high level of access. If Facebook uses the app to its full potential, they can access the following:

  • Private messages in social media apps
  • Chats from instant messaging apps
  • Emails
  • Web Searches
  • Ongoing location information

The expert wasn’t sure what data Facebook wanted, though they get nearly limitless access to the user’s device.

Update

In an update from Facebook, they announced the shutdown of the iOS version of the Research app. The program will continue on Android, however. It is unsure whether Facebook officially violated Apple’s policy. It is also uncertain if Apple asked Facebook to remove the app.

This strategy shows how far Facebook is willing to go and how much it’s willing to pay to protect its dominance in the market. The Research app could cause further tension between Apple and Facebook. Apple’s Tim Cook has repeatedly criticised Facebook’s data policy.

Related posts

Hard-Coded Credentials Vulnerability Found In Kubernetes Image Builder

Critical Vulnerability Patched In Jetpack WordPress Plugin

Astaroth Banking Malware Runs Actively Targets Users In Brazil