wordpress blog stats
Connect with us

Hi, what are you looking for?

Facebook paid teens to install an app that collected their data: report

Facebook has been secretly paying users – teens included – to install a “Facebook Research” app which tracked and collected the users’ phone and web activity via third-party beta testing services. This was revealed in a TechCrunch investigative report published yesterday.

The service is similar to Facebook’s controversial Onavo Protect VPN app, which Apple banned from its App Store last year over privacy violations.

Further reading: These Confidential Charts Show Why Facebook Bought WhatsApp

According to the TechCrunch report, Facebook has been paying users aged 13-35 years up to $20 per month via gift cards since 2016 to install the iOS and Android app. The app was originally called “Facebook Research” when launched in 2016, but was changed to “Project Atlas” in mid-2018, “when backlash to Onavo Protect magnified” and Apple changed its App Store rules, resulting in the fencing out of Onavo.

TechCrunch’s key findings

  • The app requires users to ‘Trust‘ (an “agree” button of sorts) it with access to private messages in social media apps, web browsing activity, photos, emails, and location tracking apps
  • The app was provided via three third-party services to disguise Facebook’s involvement; ads were floated on Instagram, Snapchat and other apps to recruit users, and to get them to download the app
  • Facebook even asked users to upload screenshots of their Amazon order history, presumably to tie phone & web activity with purchase behaviour
  • TechCrunch reported that Facebook designed installation steps in a manner which disguised its own involvement. For instance, ‘Applause’, one of the beta-testing services used by Facebook, does not mention Facebook in its sign-up, unless the user was a minor
  • Another beta-testing service ‘BetaBound’ mentioned Facebook only in the instruction manual for installing Facebook Research, but does not do so during sign-up

Circumventing Apple

Meanwhile, Facebook seems to have “purposefully avoided” Apple’s official beta-testing system, which involves an oversight system by Apple. Instead, users downloaded the app from another beta testing service and were told to install an Enterprise Developer Certificate and a VPN and “Trust”(an “agree” button of sorts) Facebook with root access to their phones.

This was reportedly in violation of Apple’s rules: an Apple spokesperson explained to TechCrunch that Apple’s Enterprise Developer Program is designed solely for internal distribution of apps within an organization, and not for apps to be downloaded publicly. The spokesperson added that:

Advertisement. Scroll to continue reading.

Facebook has been using their membership to distribute a data-collecting app to consumers, which is a clear breach of their agreement with Apple. Any developer using their enterprise certificates to distribute apps to consumers will have their certificates revoked, which is what we did in this case to protect our users and their data.

After the report was published, Facebook said that it would shut down the iOS version of its Research app. But Apple had blocked the app before Facebook voluntarily pulled it off of iOS. Facebook’s app will continue to run on Android.

Even by Facebook’s standards, this development comes as a surprise, especially since it involved minors and hiding its own involvement. This is hardly good news, given that Facebook has already been hit by data breachesUS Senate hearings, a threat to remove Zuckerburg as CEO, criticism over its role in the killings of Rohingya Muslims in Myanmar, data deals with phone manufacturers, Cambridge Analytica (of course), and threats (see 1, 2, 3) to election integrity world-over.


Further reading:

Image Credit: www.thoughtcatalog.com, (Flickr) under CC BY 2.0

Advertisement. Scroll to continue reading.
Written By

I cover health, policy issues such as intermediary liability, data governance, internet shutdowns, and more. Hit me up for tips.

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



Looking at the definition of health data, it is difficult to verify whether health IDs are covered by the Bill.


The accession to the Convention brings many advantages, but it could complicate the Brazilian stance at the BRICS and UN levels.


In light of the state's emerging digital healthcare apparatus, how does Clause 12 alter the consent and purpose limitation model?


The collective implication of leaving out ‘proportionality’ from Clause 12 is to provide very wide discretionary powers to the state.


The latest draft is also problematic for companies or service providers that have nothing to with children's data.

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ