Ever watchful of its competitors (and not so concerned about your privacy), Facebook has been paying people so it can keep tabs on their phone and internet usage.
As unearthed by TechCrunch, the research program dubbed “Project Atlas” sought users who would be willing to install an app that gave Facebook unfettered access to their iOS or Android phones for $20 a month, plus referral fees.
Facebook recruited users aged 13-35 years old via beta testing services like Applause, BetaBound and uTest, with the latter company running ads for a “paid social media research study” on Instagram and Snapchat.
In the case of Applause and Betabound, Facebook isn’t explicitly mentioned on the sign-up pages for these studies. These pages do, however, disclose what kind of information will be extracted from users, and boy, it’s pretty extensive.
The below extract is from Applause’s project disclosure:
By installing the software, you’re giving our client permission to collect data from your phone that will help them understand how you browse the internet, and how you use the features in the apps you’ve installed. This data will only be used by our client, and won’t be shared with unaffiliated third parties. This means you’re letting our client collect information such as which apps are on your phone, how and when you use them, data about your activities and content within those apps, as well as how other people interact with you or your content within those apps.
The kind of data Facebook could access includes private messages and chats from apps, internet searches, emails, web browsing activity, and location information, as noted by Guardian Mobile Firewall’s Will Strafach.
As part of the study, users were even asked to provide screenshots of their Amazon purchases. Again, it’s a lot of information for a measly $20 gift card.
For underage users, Applause requires parental permission, and Facebook is mentioned in the consent agreement. There’s also this line about the company tracking your children.
There are no known risks associated with this project, however you acknowledge that the inherent nature of the project involves the tracking of personal information via your child’s use of Apps. You will be compensated by Applause for your child’s participation.
Usually when apps are tested on iOS, developers go through Apple’s TestFlight, the tech giant’s program to administer app tests.
In this case, Facebook circumvented TestFlight, instead directing participants to download the Facebook Research app from one of its sites.
Users are then asked to install an Enterprise Developer Certificate, then to “Trust” Facebook, which is meant for companies to distribute apps among their own employees.
As highlighted by TechCrunch, the Facebook Research app sent data to an address which is affiliated with Onavo, a VPN app which was pulled by Facebook last August after Apple warned that the app violated its policies on data gathering.
Onavo was employed by Facebook to gather data on how users utilized competitor apps like Snapchat, as revealed in documents last December. As noted by Strafach, Facebook’s Research app appears to be a “poorly re-branded build of the banned Onavo app.”
As per its App Store guidelines, collecting information from other apps installed on a user’s a device is something that is a clear no-no with Apple, and one can expect that Apple is set to butt heads with Facebook again.
Mashable has contacted Facebook and Apple for comment.