Back in August, Apple asked Facebook to remove its Onavo VPN from the App Store, saying the app was in violation of its data collection policies. Now, TechCrunch reports that Facebook has sidestepped the App Store and has been paying teenagers and adults to install a “Facebook Research” VPN on their device.
According to the report, Facebook has been paying users between the ages of 13 and 35 up to $20 per month, plus referral fees, to install the Facebook Research app. The company has sidestepped the App Store completely in this process, administering it through beta testing services Applause, BetaBound, and uTest.
Essentially, once Onavo VPN was banned from the App Store last year, Facebook started referring to it as Project Atlas and running ads on Snapchat and Instagram. In those ads, Facebook is not mentioned at all.
The Applause ads don’t mention Facebook, and make the enticing pitch for a “paid social media research study.” The only mention of Facebook comes when users under the age of 18-years-old attempt to sign-up, as parents are required to fill out a consent form in this instance.
Meanwhile, BetaBound makes a similar pitch, saying that users will receive $20 per month to install an app and let it run in the background. Users are also promised an additional $20 for every friend they refer.
On its website, Applause outlines the data that is collected as part of this “research” study:
Facebook completely bypasses Apple’s own beta testing system TestFlight for this app. Instead, users must visit r.facebook-program.com, where they are instructed to install “an Enterprise Developer Certificate and VPN” and “trust Facebook with root access to their phone plus much of the data it transmits.”
This certificate is only supposed to be used by developers distributing internal corporate applications, with Facebook’s implementation seemingly a clear violation of that guideline.
TechCrunch says that Apple is “aware” of the issue, but it’s unclear if it might ban Facebook from using Enterprise Developer Certificates. For its part, Facebook oddly says that its usage does not violate Apple’s guidelines, but fails to offer any evidence to support that claim.
TechCrunch’s full investigation is worth a read and can be found here.
they didn’t even bother to change the function names, the selector names, or even the “ONV” class prefix. it’s literally all just Onavo code with a different UI. pic.twitter.com/ruqH69pUfq
— Will Strafach (@chronic) January 29, 2019
this is the most defiant behavior I have EVER seen by an App Store developer. it’s mind blowing. this is an amazing scoop by @JoshConstine – I still don’t know how to best articulate how absolutely floored I am by Facebook thinking they can get away with this.
— Will Strafach (@chronic) January 30, 2019
