Facebook can no longer distribute app that paid users to track their phones: Apple

Apple says Facebook can longer distribute an app that paid users, including teenrs, to extensively track ir phone and web use.

In doing so, Apple closed off Facebook's efforts to sidestep Apple's app store and its tighter rules on privacy.

tech blog TechCrunch reported late Tuesday that Facebook paid people about USD 20 a month to install and use Facebook Research app. While Facebook says this was done with permission, company has a history of defining "permission" loosely and obscuring what data it collects.

"I don't think y make it very clear to users precisely what level of access y were granting when y gave permission," mobile app security researcher Will Strafach said Wednesday. 

"re is simply way users understood this." 

He said Facebook's claim that users understood scope of data collection was "muddying waters." 

Facebook says fewer than 5 per cent of app's users were teens and y h parental permission. 

neless, revelation is yet ar blemish on Facebook's track record on privacy and could invite furr regulatory scrutiny.

And it comes less than a week after court documents revealed that Facebook allowed children to rack up huge bills on digital games and that it h rejected recommendations for dressing it for fear of hurting revenue growth.

For w, app appears to be available for Android phones, though t through Google's main app store. 

Google h comment Wednesday.

Apple said Facebook was distributing Facebook Research through an internal-distribution mechanism meant for company employees, t outsiders. Apple has revoked that capability.

ALSO RE | Facebook has been paying teens up to $20 a month to spy on ir Android, iOS devices

TechCrunch reported separately Wednesday that Google was using same privileged access to Apple's mobile operating system for a market-research app, Screenwise Meter. 

Asked about it by Associated Press, Google said it h disabled app on Apple devices and apologised for its "mistake." 

company said Google h always been "upfront with users" about how it used data collected by app, which offered users points that could be accrued for gift cards. 

In contrast to Facebook Research app, Google said its Screenwise Meter app never asked users to let company circumvent network encryption, meaning it is far less intrusive.

Facebook is still permitted to distribute apps through Apple's app store, though such apps are reviewed by Apple ahe of time. 

And Apple's move Wednesday restricts Facebook's ability to test those apps including core apps such as Facebook and Instagram before y are released through app store.

Facebook previously pulled an app called Onavo Protect from Apple's app store because of its stricter requirements. 

But Strafach, who dismantled Facebook Research app on TechCrunch's behalf, told AP that it was mostly Onavo repackd and rebranded, as two apps shared about 98 per cent of ir code.

As of Wednesday, a disclosure form on Betabound, one of services that distributed Facebook Research, informed prospective users that by installing Facebook Research, y are letting Facebook collect a range of data.

ALSO RE | Facebook assures transparency with political s ahe of 2019 Indian general election

This includes information on apps users have installed, when y use m and what y do on m. 

Information is also collected on how or people interact with users and ir content within those apps, according to disclosure.

Betabound warned that Facebook may collect information even when an app or web browser uses encryption.

Strafach said emails, social media activities, private messs and just about anything else could be intercepted. 

He said only data absolutely safe from soping are from services, such as Signal and Apple's iMesss, that fully encrypt messs prior to transmission, a method kwn as end-to-end encryption.

Strafach, who is CEO of Guardian Mobile Firewall, said he was aghast to discover Facebook caught red-handed violating Apple's trust.

He said such traffic-capturing tools are only supposed to be for trusted partners to use internally. Inste, he said Facebook was scooping up all incoming and outgoing data traffic from unwitting members of public in an app geared toward teenrs.

"This is very flagrantly t allowed," Strafach said. "It's mind-blowing how defiant Facebook was acting."