Facebook has been paying teens up to $20 a month to spy on their Android, iOS devices

Facebook has been secretly running a program, called Project Atlas, to collect private phone and web activity stats from paid volunteers for the past three years and “has no plans to stop,” according to a new TechCrunch report. The report claims the social media company has been paying users ages 13 to 35 up to $20 plus referral fees a month in exchange for installing an app called Facebook Research on their Android or iOS devices, which collects this data and sends it back to Facebook. Facebook has confirmed the existence of the research program to TechCrunch. 

Facebook was previously collecting some of this data through Onavo Protect, a VPN service that it acquired for around $120 million in 2014. The data is said to have helped Facebook gauge the vast potential of WhatsApp -- a startup then -- at one point of time, then acquire it for $19 billion in the same year. Facebook removed the app from the Apple App Store last year after Apple complained that it violated their guidelines on privacy and data collection.  

Facebook may have chalked out a workaround the ban with its Research app – the report calls it a poorly re-branded build of the banned Onavo app – in that, it has essentially been paying users to sideload it from outside of the App Store. Facebook has broadly been working with three app beta testing services, BetaBound, uTest and Applause, to distribute its Research app, and it has been doing this since 2016 in what appears to be an open disregard for Apple’s privacy rules. 

The Research app requires that users install a custom root certificate which is actually an enterprise certificate designed to grant employers access to employees’ work devices, but Facebook has been using it to gain root access on iPhones meant for consumers. The whole process allows Facebook to “distribute this app without Apple review to as many users as they want.” A Facebook spokesperson has confirmed to TechCrunch that the said program somehow does not violate Apple’s policies, even though it may seem like it does.  

What’s alarming is that Facebook gets “nearly limitless access to a user’s device once they install the app,” ranging from “private messages in social media apps, chats from in instant messaging apps – including photos/videos sent to others, emails, web searches, web browsing activity, and even ongoing location information by tapping into the feeds of any location tracking apps you may have installed.” The app also apparently asks users to take screenshots of their Amazon order history and send it back to Facebook. And there’s no way users know that Facebook is involved, until just before they install the app – possibly lured by cash.  

Facebook has been in the eye of the storm over a string of privacy scandals lately. And Apple has been more than vocal about its stand on user privacy. Last year when Apple CEO Tim Cook was asked what he’d do if he were in Facebook boss Mark Zuckerberg’s position in the wake of the Cambridge Analytica scandal, he said “I wouldn’t be in this situation. The truth is we could make a ton of money if we monetized our customer, if our customer was our product. We’ve elected not to do that.”

Zuckerberg had called Tim Cook's comments on Facebook extremely glib saying just because the social media company did not charge its users, it didn’t mean it cared any less about them (about their privacy).

Now that Facebook has been caught foot in mouth, paying volunteers to spy on their devices, tensions are bound to heighten between the two companies.