Facebook Exposed your Messenger Chat and More !

13 total views, 13 views today

Exposed! Facebook pays teenagers to install app that harvests
personal data

ROOT-CERTIFICATE APP SUCKED UP PHONES’ PRIVATE DATA AND WEB
BROWSING ACTIVITY.

Facebook exposed paying teenagers to install app that harvested
personal data

Since 2016 Facebook has been paying users aged 13-35 up to $20
per month to install an app which has almost unlimited limitless
access to their smartphones and most sensitive data.

Reporters at TechCrunch exposed the scheme which saw users
install a “research” app capable of scoop up:

private chat messages, including photos and videos
emails
web-browsing activity
a list of which apps were installed on the device, and when they
were last used
the user’s physical location history
data usage
According to the report, the app is similar to the Onavo Protect
VPN app that Facebook was forced to withdraw from the iOS App Store
after Apple determined that it was breaking its data-collection
policies.

From the sound of things, Facebook is installing the offending
app using the enterprise provisioning features that Apple provides
for companies who wish to roll out their own enterprise
certificate-signed versions of apps to employees, rather than the
official iOS App Store.

They do this by asking users to install a root certificate which
has almost unlimited access to the phone. The enterprise
provisioning feature is intended for employees of a company, not
13-year-old users of a social media website. In short, Facebook has
again breached Apple’s rules.

Facebook research app

It seems to me that Apple would be well within its rights to
revoke the certificates. Whether Apple will be prepared to take
that ballsy step remains to be seen, but it would certainly see
tensions between the two companies flare up.

Josh Constine at TechCrunch writes:

“The strategy shows how far Facebook is willing to go and how
much it’s willing to pay to protect its dominance — even at the
risk of breaking the rules of Apple’s iOS platform on which it
depends. Apple could seek to block Facebook from continuing to
distribute its Research app, or even revoke it permission to offer
employee-only apps, and the situation could further chill relations
between the tech giants. Apple’s Tim Cook has repeatedly criticized
Facebook’s data collection practices. Facebook disobeying iOS
policies to slurp up more information could become a new talking
point.”

Within hours of TechCrunch’s report being published, Facebook
moved from a position of defending its behaviour on the grounds
that participants consented (it’s unclear how Facebook confirmed
13-year-olds received their parents’ permission) to announcing that
they would be halting the research program on Apple devices.

According to a BBC News report, when it posed as a 14-year-old
boy during its own test, it was able to download the app without
any request for parental consent.

For now there is no indication that Facebook is planning to stop
the “research” on Android phones.

I can’t imagine why anyone would trust Facebook with its
personal profile information, let alone installing apps which can
read their private chats and emails or track their web
browsing.

more

Project Atlas”

To get the miserly $20 gift cards, Facebook asked iOS
and Android users to install a virtual private network that
sends outgoing data streams through a third party. That
could potentially give Facebook “nearly limitless access to a
user’s device,” security expert Will Strafach, who works for
firewall app maker Guardian Mobile Firewall,
told TechCrunch.

“Most users are going to be unable to reasonably consent to this
regardless of any agreement they sign, because there is no good way
to articulate just how much power is handed to Facebook when you do
this,” Strafach told TechCrunch.

Post Views: 13