Facebook Paid Children To Use VPN Spyware Violating App Store’s Policies

Image for post
Image for post

Facebook, notorious for being the world’s most pervasive social media corporation, decided even children needed spying on. In a new investigation published by TechCrunch, the company went as far as to pay all of their users for the use of a “Facebook Research” VPN which allowed admins to “suck in all of a user’s phone and web activity”, which is clearly a violation of the Apple developer policies. In the wake of this report, Apple blocked the VPN app before the company could voluntarily shut it down.

By their own admission, the world’s richest social media site has been paying users between the ages of 13 to 35 (at least on paper) around $20 per month plus referral fees to “gather data on usage habits” since as early as 2016. Cloaked from the public eye as “Project Atlas”, the spyware app sought to “decrypt and analyze” the phone activity of their own users across the world through “root network access” that “routes traffic back to Facebook”. Through obtaining vague consent in the form of TOS policy, the site was granted unlimited jurisdiction as the site could screenshot Amazon order histories to potentially knowing the porn their users watched by receiving the fine print “trust” of their users.

(“Facebook’s Research program is referred to as Project Atlas on sign-up sites that don’t mention Facebook’s involvement anywhere,” wrote tech journalist Josh Constine.)

The company also admitted to using rat-hole beta testing services, such as Applause, BetaBound and uTest, in order to hide direct involvement with their own service. The only visible connection with the site was the app being a “Facebook Study” which, of course, has better framing than something along the lines of Facebook’s Espionage Program. Monopolies have to maintain their status somehow, even if that includes spying on the market to gather intel on the competition.

The publication soon asked Will Strafach, the security expert for the privacy app Guardian Mobile Firewall, to further investigate the website’s boundaries. “If Facebook makes full use of the level of access they are given by asking users to install the Certificate,” he stated, “they will have the ability to continuously collect the following types of data: private messages in social media apps, chats from in instant messaging apps — including photos/videos sent to others, emails, web searches, web browsing activity, and even ongoing location information by tapping into the feeds of any location-tracking apps you may have installed.” The spying possibilities were virtually limitless.

Image for post
Image for post

Once the spyware racket was discovered by journalist Josh Constine and his fellow TechCrunch editors, Facebook provided assurances the app would be shut down on iOS in the near future. It remained up till Tuesday when the App Store decided to pull the plug. Facebook’s research program continues to run on Android to this day, thus making Google and their App Store administrators complicit with the pervasive actions of their competitor. This isn’t unsurprising given TechCrunch also discovered Screenwise Meter, Google’s own surveillance app breaks the exact same iOS rules. No honour amongst Big Tech companies, I suppose.

“We designed our Enterprise Developer Program solely for the internal distribution of apps within an organization,” stated an Apple spokesperson in a public statement. “Facebook has been using their membership to distribute a data-collecting app to consumers, which is a clear breach of their agreement with Apple. Any developer using their enterprise certificates to distribute such apps to consumers will have their certificates revoked, which is what we did in this case to protect our users and their data.”

Keep in mind, Facebook is by no means a first-time offender. Before we even get into the data scandals of Cambridge Analytica and Russian-bought political memes, The Wall Street Journal reported on how the company was forced to remove their eerily similar app called the Onavo Protect, another VPN program which was removed from iOS for clearly violating their policies on predatory data collection. Readers should greatly reconsider where exactly their VPNs are coming from and who is pushing them before granting their privacy over to the rapaciously rich.

“Facebook seems to have purposefully avoided TestFlight, Apple’s official beta testing system, which requires apps to be reviewed by Apple and is limited to 10,000 participants,” Constine writes. “Instead, the instruction manual reveals that users download the app from r.facebook-program.com and are told to install an Enterprise Developer Certificate and VPN and ‘Trust’ Facebook with root access to the data their phone transmits. Apple requires that developers agree to only use this certificate system for distributing internal corporate apps to their own employees. Randomly recruiting testers and paying them a monthly fee appears to violate the spirit of that rule.”

The company has continually abused moral ethics and legal policies behind iOS’ Enterprise Certificate program, going as far as to use the same code and references to the removed Onavo Protect, yet Facebook absurdly wants to make the argument their ability to self-regulate will solve the market’s privacy problems — while the only compensation that Big Brother grants users for the millions in profits this surveillance provided totals $20. It’s naivety bordering on insanity. Facebook pat themselves on the back for hiring privacy experts who focus on free speech and digital rights, though the powers that be merely have them on as consultants to play the role of fake moral capitalists instead of truly acting the part.

TechCrunch sources also explained Facebook’s misuse of their Enterprise Certificate violate their own privacy policies state Facebook and Instagram. This means that if we’re enforcing the rules justly, it should result in their termination from iOS entirely — though is unlikely due to the monopolistic power behind their enterprise. Instead, the tech companies are fighting it out amongst themselves behind closed doors without public transparency. “That’s causing mayhem at Facebook,” Constine wrote, “disrupting their daily workflow and ability to do product development… the disruption will translate into a huge loss of productivity for Facebook’s 33,000 employees.”

“It is tricky to know what data Facebook is actually saving (without access to their servers). The only information that is knowable here is what access Facebook is capable of based on the code in the app. And it paints a very worrisome picture,” Strafach told the publication. “They might respond and claim to only actually retain/save very specific limited data, and that could be true, it really boils down to how much you trust Facebook’s word on it. The most charitable narrative of this situation would be that Facebook did not think too hard about the level of access they were granting to themselves . . . which is a startling level of carelessness in itself if that is the case.”

Image for post
Image for post

Thanks for reading! This article was originally published for TrigTent.com, a bipartisan media platform for political and social commentary, truly diverse viewpoints and facts that don’t kowtow to political correctness.

Bailey Steen is a journalist, graphic designer and film critic residing in the heart of Australia. You can also find his work right here on Medium and publications such as Janks Reviews.

For updates, feel free to follow @atheist_cvnt on his various social media pages on Facebook, Twitter, Instagram or Gab. You can also contact through bsteen85@gmail.com for personal or business reasons.

Stay honest and radical. Cheers, darlings. 💋

Written by

troubled writer, depressed slug, bisexual simp, neoliberal socialist, trotskyist-bidenist, “corn-pop was a good dude, actually,” bio in pronouns: (any/all)

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store