A report found that Facebook has been paying users to gather highly sensitive personal data as part of a research project.
Facebook has been paying some users up to $20 a month to allow the company to analyse the data on their devices. According to an explosive report in TechCrunch yesterday (29 January), Facebook is said to have created an app that breached Apple’s privacy protection policy.
The app is apparently similar to Onavo Protect, which Apple said last June violated its regulations, and it was removed in August.
Paid market research
The report said Facebook has been paying people between the ages of 13 and 35 up to $20 a month plus referral fees for their phone and web activity. Participating users install a ‘Facebook Research’ VPN app. The company administers the research programme through testing services Applause, BetaBound and uTest. In some documentation, it is referred to as ‘Project Atlas’.
The app in question installed a root certificate, which allows for more granular access to a phone’s software and network traffic. According to Apple’s Developer Enterprise Program License Agreement, these certificates must be used for “specific business purposes” and are “only for use by your employees”. It is not clear that market research would be an acceptable reason for installation of the root certificate.
Potential access to troves of data
Using the app, the company would potentially have access to user web searches, location information, direct messages in social media apps and a whole host of other data types. Participants were even asked to screenshot a page showing what they ordered from e-commerce giant Amazon.
The company said that everyone involved in the programme had consented, noting that market research is standard practice. That said, following the publication of the TechCrunch investigation, the firm said it would be ending the programme on Apple devices, but it is not suspending a parallel Android project.
In a statement, Facebook said: “Key facts about this market research programme are being ignored. Despite early reports, there was nothing ‘secret’ about this; it was literally called the Facebook Research App. It wasn’t ‘spying’ as all of the people who signed up to participate went through a clear onboarding process asking for their permission and were paid to participate.
“Finally, less than 5pc of the people who chose to participate in this market research programme were teens, all of them with signed parental consent forms.” When asked about how consent was obtained by the BBC, Facebook said it was handled by a third party and did not provide further information.