Reports surfaced revealing Facebook were paying individuals to permit it to watch everything they were doing. This action was allowing Facebook to access personal data of Apple customers, some of which were minors. Facebook stated it created the product to conduct market research on 13-35 years olds about the use of their phones. It’s developers app, Facebook Research, was able to install on Apple’s customers’ devices through the enterprise digital certificate. Bypassing the store meant that it did not undergo Apple’s usual vetting process. This was a violation of Apple’s developer rules and consequently, it revoked Facebook’s certificate. Apple granted facebook with the certificate for its internal use for developing services, and not for use with customers.
Misusing Apple’s enterprise certificate
Apple takes transparency seriously as it also revoked another certification given to Onavo Protect which collected data for a different purpose than initially stated. Another interesting fact about this app is that Facebook also developed it. The purpose was to provide free VPN services. However, the app additionally used the data for other purposes. This app even collected customer data when the app was turned off. The app can still be found on the Google Play store.
Onavo Protect now informs users of the apps intended use.
The consequence of the revocation means Facebook cannot carry out internal testings on their iOS apps which is a big hindrance. Facebook employees are not happy with this outcome. Apple have responded with the following statement:
“Facebook has been using their membership to distribute a data-collecting app to consumers, which is a clear breach of their agreement with Apple. Any developer using their enterprise certificates to distribute apps to consumers will have their certificates revoked, which is what we did in this case to protect our users and their data.”
Facebook Research will still run on Android with Google Play store.
Latest posts by Tiffanie Horsfall (see all)
- Docker Container Escape Vulnerability With PoC (CVE-2019-5736) - February 18, 2019
- Cyberattack on VFEmail erases 18 years worth of customer details, including all backups - February 17, 2019
- Astaroth Trojan Exploits Antivirus Software - February 15, 2019