Facebook paid teens $20 to install a Research App that spies on them

Pierluigi Paganini January 30, 2019

Facebook is paying teens $20 a month to use its VPN app, called Facebook Research, that monitors their activity via their mobile devices.Facebook is paying teens $20 a month to use its VPN app, called Facebook Research, that monitors their activity via the mobile devices.

2018 was a terrible year for Facebook that was in the middle of the Cambridge Analytica privacy scandal. The social network giant was involved in other cases, for example, it was forced to remove its Onavo VPN app from Apple’s App Store because it was caught collecting some of data through Onavo Protect, the Virtual Private Network (VPN) service that it acquired in 2013.

According to a report presented by Privacy International in December at 35C3 hacking conference held in Germany, the list of Android apps that send tracking and personal information back to Facebook includes dozens of apps including KayakYelp, and Shazam, Facebook

Now according to a report published by TechCrunch, Facebook is paying teenagers around $20 a month to use its VPN app that monitors their activity on via the mobile devices.

Facebook Research App Icon

Facebook is accused of using the VPN app to track users’ activities across multiple different apps, especially the use of third-party apps.

“Desperate for data on its competitors, Facebook  has been secretly paying people to install a ‘Facebook Research’ VPN that lets the company suck in all of a user’s phone and web activity, similar to Facebook’s Onavo Protect app that Apple banned in June and that was removed in August.” reads the report published by Techcrunch.

“Facebook sidesteps the App Store and rewards teenagers and adults to download the Research app and give it root access to network traffic in what may be a violation of Apple policy so the social network can decrypt and analyze their phone activity, a TechCrunch investigation confirms.”

Techcrunch reported that some documentation refers to the Facebook Research program as “Project Atlas,” it added that Facebook confirmed the existence of the app.

The news is disconcerting, despite the privacy cases in which Facebook was involved, the company has been paying users ages 13 to 35  as much as $20 per month plus referral fees for installing Facebook Research on their iOS or Android devices. The company described the ‘Facebook Research’ app as “paid social media research study.”

Facebook is distributing the app via third-party beta testing services Applause, BetaBound, and uTest that were also running ads on Instagram and Snapchat recruiting participants to install Facebook Research.

Let’s give a close look at the Facebook Research App. The app requires users to install a custom root enterprise certificate to allow the social media giant to collect private messages in social media apps, chats from in instant messaging apps, emails, web searches, web browsing activity, and even ongoing location information by tapping into the feeds of any location tracking apps installed on the users’ devices.

Experts pointed out that in some case, the Facebook Research app also asked users to take screenshots of their Amazon order histories and send it back to Facebook.

Reading the Applause site it is possible to have more info on how the company could use the data:

“By installing the software, you’re giving our client permission to collect data from your phone that will help them understand how you browse the internet, and how you use the features in the apps you’ve installed . . . This means you’re letting our client collect information such as which apps are on your phone, how and when you use them, data about your activities and content within those apps, as well as how other people interact with you or your content within those apps. You are also letting our client collect information about your internet browsing activity (including the websites you visit and data that is exchanged between your device and those websites) and your use of other online services. There are some instances when our client will collect this information even where the app uses encryption, or from within secure browser sessions.” ” the terms read.

Facebook confirmed that the app was developed for research purposes, in particular to study how people use their mobile devices.

“like many companies, we invite people to participate in research that helps us identify things we can be doing better.” explained Facebook.

“helping Facebook understand how people use their mobile devices, we have provided extensive information about the type of data we collect and how they can participate. We do not share this information with others, and people can stop participating at any time.”

Facebook’s spokesperson claimed that the app doesn’t violate the Apple’s Enterprise Certificate program. Techcrunch points out that since Apple requires developers to only use this certificate system for distributing internal corporate apps to their own employees, “recruiting testers and paying them a monthly fee appears to violate the spirit of that rule,”

After the disclosure of the report, Facebook announced that it is planning to shut down the iOS version of the Facebook Research app.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Facebook Research app, Privacy)

[adrotate banner=”5″] [adrotate banner=”13″]



you might also like

leave a comment