Desperate for data on its competitors, Facebook has been secretly paying people to install a “Facebook Research” VPN that lets the company suck in all of a user’s phone and web activity, similar to Facebook’s Onavo Protect app that Apple banned in June and that was removed in August. Facebook sidesteps the App Store and rewards teenagers and adults to download the Research app and give it root access to network traffic in what may be a violation of Apple policy so the social network can decrypt and analyze their phone activity, a TechCrunch investigation confirms.
Facebook admitted to TechCrunch it was running the Research program to gather data on usage habits, and it has no plans to stop.
Since 2016, Facebook has been paying users ages 13 to 35 up to $20 per month plus referral fees to sell their privacy by installing the iOS or Android “Facebook Research” app. Facebook even asked users to screenshot their Amazon order history page. The program is administered through beta testing services Applause, BetaBound and uTest to cloak Facebook’s involvement, and is referred to in some documentation as “Project Atlas” — a fitting name for Facebook’s effort to map new trends and rivals around the globe.
We asked Guardian Mobile Firewall's security expert Strafach to dig into the Facebook Research app, and he told us that if Facebook makes full use of the level of access users give it by installing the certificate, it can continuously collect the following types of data: private messages in social media apps, chats in instant messaging apps (including photos and videos sent to others), emails, web searches, web browsing activity, and even ongoing location information, by tapping into the feeds of any location-tracking apps you have installed. It is not clear exactly what data Facebook is concerned with, but once the app is installed it gets almost unlimited access to the user's device.
The strategy shows how far Facebook is willing to go, and how much it is willing to pay, to protect its dominance, even at the risk of breaking the rules of Apple's iOS platform, on which it depends. Apple may try to block Facebook from distributing its Research app, or even revoke its permission to offer employee-only apps, and the situation could further strain relations between the tech giants. Apple's Tim Cook has repeatedly criticized Facebook's data collection practices. Facebook flouting iOS policies to gather more information could become a new talking point. TechCrunch has spoken to Apple, and it is aware of the issue, but the company did not provide a statement before press time.
The step itself sounds fairly technical: "install our root certificate." "It gives Facebook continuous access to the most sensitive data about you, and most users are unable to reasonably consent to this, regardless of any agreement they sign, because there is no good way to articulate just how much power is handed to Facebook when you do this."
Facebook’s surveillance app
Facebook first entered the data-sniffing business when it acquired Onavo for $120 million in 2014. The VPN app helped users track and reduce their mobile data plan usage, but also gave Facebook deep analytics about which other apps they were using. Internal documents obtained by Charlie Warzel and Ryan Mac of BuzzFeed News show that Facebook was able to use Onavo to learn that WhatsApp was sending more than twice as many messages per day as Facebook Messenger. Onavo let Facebook spot WhatsApp's meteoric rise and justified paying $19 billion to buy the chat startup in 2014. WhatsApp has since tripled its user base, demonstrating the power of Onavo's foresight.
Over the past few years, Onavo has clued Facebook in to which apps to copy, which features to build and which flops to avoid. By 2018, Facebook was promoting the Onavo app in a Protect bookmark of the main Facebook app in hopes of scoring more users to snoop on. Facebook also launched the Onavo Bolt app, which let you lock apps behind a passcode or fingerprint while it surveilled you, but Facebook shut the app down the day it was discovered, following privacy criticism. Onavo's main app is still available on Google Play and has been installed more than 10 million times.
The backlash heated up after security expert Strafach detailed in March how Onavo Protect was reporting to Facebook when a user's screen was on or off, along with their Wi-Fi and cellular data usage in bytes, even when the VPN was turned off. In June, Apple updated its developer policies to ban collecting data about the usage of other apps, or data that is not necessary for an app to function. Apple informed Facebook in August that Onavo Protect violated those data collection policies and that the social network needed to remove it from the App Store, which it did, Deepa Seetharaman of the WSJ reported.
But this does not stop Facebook's data collection.
Project Atlas
TechCrunch recently received a tip that despite Onavo Protect being banished by Apple, Facebook was paying users to sideload a similar VPN app under the Facebook Research moniker from outside the App Store. We investigated, and learned that Facebook was working with three app beta testing services to distribute the Research app: BetaBound, uTest and Applause. Facebook started distributing the Research VPN app in 2016. It has been referred to as Project Atlas since at least 2018, around when the backlash to Onavo Protect grew and Apple instituted its new rules that prohibited Onavo. [Update: Previously, the same program was called Project Kodiak.] Facebook did not want to stop collecting data on people's phone usage, and so the Research program continued, in disregard of Apple's ban on Onavo Protect.
Ads (shown below) for the program run by uTest on Instagram and Snapchat sought teens 13-17 years old for a "paid social media research study." The sign-up page for the Facebook Research program, administered by Applause, does not mention Facebook, but seeks users "Age: 13-35 (parental consent required for ages 13-17)." If minors try to sign up, they are asked to get their parents' permission with a form that reveals Facebook's involvement and says "There is no known risk associated with the project, although you acknowledge that the underlying nature of the project involves tracking personal information through your child's use of applications. The child's participation will be compensated by Applause." For kids short on cash, the payments could coerce them into selling their privacy to Facebook.
The Applause site explains what data could be collected by the Facebook Research app (emphasis mine):
"By installing the software, you are allowing our client to collect data from your phone that will help them understand how you browse the internet, and how you use the features in the apps you have installed. This means that you are allowing our client to gather information such as which apps are on your phone, how and when you use them, data about your activities and content within those apps, as well as how other people interact with you or your content within those apps. You are also letting our client collect information about your internet browsing activity (including the websites you visit and the data that is exchanged between your device and those websites) and your use of other online services. There are some instances when our client will collect this information even where the app uses encryption, or from within secure browser sessions."
Meanwhile, the BetaBound sign-up page, with a URL ending in "Atlas", explains that "For $20 per month (via eGift card), you will install an app on your phone and let it run in the background." It also offers $20 per friend you refer. That site likewise does not mention Facebook initially, but the instruction manual for installing Facebook Research reveals the company's involvement.
Facebook seems to have purposefully avoided TestFlight, Apple's official beta testing system, which requires apps to be reviewed by Apple and is limited to 10,000 participants. Instead, the instruction manual shows that users download the app from r.facebook-program.com and are asked to install an Enterprise Developer Certificate and VPN and to "Trust" Facebook with access to the data their phones transmit. Apple requires that developers agree to use this certificate system only to distribute internal corporate apps to their own employees. Recruiting testers and paying them a monthly fee appears to violate the spirit of that rule.
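A trusted root certificate combined with a VPN is what makes it possible to decrypt a phone's traffic. As an added example (not from the original article or from any analysis of the Research app), the Python below audits an iOS configuration profile for those two payload types; it assumes the certificate and VPN settings arrive as a `.mobileconfig` profile, and the sample profile, its names and its server address are constructed.

```python
import plistlib

# Apple configuration-profile payload types relevant to traffic interception.
RISKY = {
    "com.apple.security.root": "adds a root CA; once trusted, TLS can be decrypted",
    "com.apple.vpn.managed": "routes device traffic through a VPN server",
}

def extract_plist(raw: bytes) -> dict:
    """Parse a profile; signed profiles wrap the XML plist in a CMS envelope."""
    start, end = raw.find(b"<?xml"), raw.rfind(b"</plist>")
    if start == -1 or end == -1:
        raise ValueError("no XML property list found")
    return plistlib.loads(raw[start:end + len(b"</plist>")])

def vpn_server(payload: dict):
    """Return the VPN server address if the payload declares one."""
    for section in ("IKEv2", "IPSec"):
        addr = payload.get(section, {}).get("RemoteAddress")
        if addr:
            return addr
    return None

def audit_profile(raw: bytes) -> list:
    """List every payload that installs a root CA or a VPN."""
    findings = []
    for payload in extract_plist(raw).get("PayloadContent", []):
        ptype = payload.get("PayloadType", "")
        if ptype in RISKY:
            findings.append({
                "type": ptype,
                "name": payload.get("PayloadDisplayName", "(unnamed)"),
                "why": RISKY[ptype],
                "server": vpn_server(payload),
            })
    return findings

def can_intercept(findings: list) -> bool:
    """True when one profile carries both a root CA and a VPN."""
    return set(RISKY) <= {f["type"] for f in findings}

# Constructed sample profile: all names, bytes and addresses are made up.
SAMPLE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadDisplayName": "Example Research Profile",
    "PayloadContent": [
        {"PayloadType": "com.apple.security.root",
         "PayloadDisplayName": "Example Root CA",
         "PayloadContent": b"constructed-not-a-real-certificate"},
        {"PayloadType": "com.apple.vpn.managed",
         "PayloadDisplayName": "Example VPN",
         "VPNType": "IKEv2",
         "IKEv2": {"RemoteAddress": "vpn.example.invalid"}},
        {"PayloadType": "com.apple.wifi.managed",
         "PayloadDisplayName": "Office Wi-Fi"},
    ],
})

if __name__ == "__main__":
    for f in audit_profile(SAMPLE):
        print(f"{f['type']}: {f['name']} -> {f['why']} (server: {f['server']})")
    print("interception-capable:", can_intercept(audit_profile(SAMPLE)))
```

A profile that carries only one of the two payloads is still listed by `audit_profile`, but `can_intercept` stays false until both are present.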
Once installed, users just have to keep the VPN running and sending data to Facebook to get paid. The Applause-administered program requested that users screenshot their Amazon orders page. This data could potentially help Facebook tie browsing habits and the use of other apps to purchase preferences and behavior. That information could be used to pinpoint ad targeting and to understand what kinds of purchases users make.
TechCrunch commissioned Strafach to analyze the Facebook Research app and find out where it was sending data. He confirmed that data is sent to "vpn-sjc1.v.facebook-program.com", which is associated with Onavo's IP address, and that the facebook-program.com domain is registered to Facebook, according to MarkMonitor. The app can update itself without interacting with the App Store, and is linked to the email address PeopleJourney@fb.com. He also discovered that the Enterprise Certificate indicates Facebook renewed it on June 27, 2018, a week after Apple announced its new rules that prohibited the similar Onavo Protect app.
"It's hard to know what data Facebook is actually saving (without access to their servers). The only information that is knowable here is how much access Facebook is capable of, based on the code in the app. And it paints a very worrisome picture," Strafach explains. "They might respond and claim to only retain/save specific data, and that could be true; it really boils down to how much you trust Facebook's word on it. The most charitable narrative of this situation would be that Facebook did not think too hard about the level of access it was granting itself, which, if that is the case, is a startling level of carelessness in itself."
“Flagrant defiance of Apple’s rules”
In response to TechCrunch's inquiry, a Facebook spokesperson confirmed that it is running the program to learn how people use their phones and other services. The spokesperson told us, "Like many companies, we invite people to participate in research that helps us identify things we can be doing better. Since this research is aimed at helping Facebook understand how people use their mobile devices, we have provided extensive information about the types of data we collect and how they can participate. We do not share this information with others, and people can stop participating at any time."
A Facebook spokesperson claimed that the Facebook Research app was in line with Apple's Enterprise Certificate program, but did not explain how in the face of evidence to the contrary. They said that Facebook first launched its Research app program in 2016. They tried to liken the program to a focus group and said that Nielsen and comScore run similar programs, yet neither of those asks people to install a VPN or provide root access to the network. The spokesperson confirmed that the Facebook Research program recruits teens as well as other age groups from around the world. They claimed that Onavo and Facebook Research are separate programs, but acknowledged that the same team supports both, as an explanation for why their code was the same.
However, Facebook's claim that it does not violate Apple's Enterprise Certificate policy is directly contradicted by the terms of that policy. Those include that developers "Distribute Provisioning Profiles only to Your Employees and only in conjunction with Your Internal Use Applications for the purpose of developing and testing". The policy also states that "You may not use, distribute or otherwise make Your Internal Use Applications available to Your Customers" unless under the direct supervision of employees or on company premises. Given that Facebook's customers are using the Enterprise Certificate-powered app without supervision, it appears that Facebook is in violation.
Facebook disobeying Apple so directly could hurt their relationship. "The code in this iOS app strongly indicates that it is simply a poorly re-branded build of the banned Onavo app, now using an Enterprise Certificate owned by Facebook in direct violation of Apple's rules, allowing Facebook to distribute this app without Apple review to as many users as they want," Strafach tells us. Onav prefixes and mentions of graph.onavo.com, "onavoApp://" and "onavoProtect://" custom URL schemes litter the app. "This is an egregious violation on many fronts, and I hope that Apple will act fast to revoke the signing certificate and render the app inoperable."
Facebook is particularly interested in what teens do on their phones, because the demographic has been leaving the social network in favor of Snapchat, YouTube and Facebook's own Instagram. Insights into the popularity among teens of the Chinese video music app TikTok and of meme sharing led Facebook to launch a clone called Lasso and begin developing a meme-browsing feature called "LOL", TechCrunch first reported. But Facebook's desire for data about teens riles critics at a time when the company has been battered in the press. Analysts on yesterday's Facebook earnings call should inquire about what other ways the company has to collect competitive intelligence.
Last year, when Tim Cook was asked what he would do in Mark Zuckerberg's position in the wake of the Cambridge Analytica scandal, he said, "I wouldn't be in this situation . . . The truth is that we could make a ton of money if we monetized our customer, if our customer was our product. We have elected not to do that." Zuckerberg told Ezra Klein that he found Cook's comment "extremely glib".
It is now clear that even after Apple's warnings and the removal of Onavo Protect, Facebook is still aggressively collecting data on its competitors through Apple's iOS platform. "I have never seen such open and flagrant defiance of Apple's rules by an App Store developer," Strafach concludes. If Apple shuts down the Research program, Facebook will either have to invent new ways to surveil our behavior amid a climate of privacy scrutiny, or be left in the dark.