A new survey reveals how Facebook has paid some users $20 a month in exchange for all data on the use of these people’s devices, including private messages and complete browsing history.
Facebook is in a delicate situation because of a “research program” aimed at knowing all the actions of a user on their smartphone to better understand their habits. This program, known as Facebook Research, was available on iOS and Android and consisted of collecting all user usage data (volunteers aged 13 to 25) in exchange for $20 per month.
Facebook collected data on some users thanks to Onavo Project, a VPN service that it acquired in 2013, but then brought the practice to the next level. If thanks to Onavo Project Facebook was able to steal information on the services used by users, going to identify potential competitors and take the appropriate countermeasures (such as, for example, by opening Facebook Dating to counter Tinder), with Facebook Research the company has had access to all device usage data.
TechCrunch writes that in order to achieve this result, Facebook Research required the installation of a root certificate, normally used by companies to control the company devices of their employees. These certificates allowed Facebook to access all user data: messages, emails, online searches, browsing activities and so on. The program also required sending screenshots of the Amazon carts. The level of pervasiveness of this research was therefore total.
The point is, then, that the registration procedure seems not to be particularly clear: Facebook relied on external services that distributed the application and in the information on the project there was generally talk of “access to information on the habits and use of applications”, without providing precise details on which and how much information should be collected.
Not only that: The use of a root certificate in this way violates the terms established by Apple for the use of such certificates by developers. In fact, it is envisaged that the certificates can only be used in the corporate environment in order to access the data terminals to employees.
Apple’s reply to the matter was not long in coming. As The Verge writes, the company has completely blocked all the internal applications used by Facebook and distributed on the devices of its employees. These include not only applications in the internal test phase (typically the development versions of the applications then distributed to the public), but also applications developed for their employees as an application for the canteen or one for transport.
Although there are several ways in which Facebook can solve this problem, at the moment the situation is considered “critical” because the applications simply do not work anymore, to the point that they do not even open. This is because Apple has revoked the certificates associated with Facebook, so as to prevent Facebook Research from continuing to work but also preventing internal applications to open.
Facebook is not among the only ones to have adopted this technique: Google has also used a similar mechanism and has already announced the closure of the program.
This new revelation comes as the latest in a series of problematic situations emerged in the management of data and its resources by Facebook. The company’s credibility is increasingly challenged, especially after the scandals that emerged last year in the Cambridge Analytica case and in subsequent cases. The policies carried out by the company and the user-friendly management of user data, together with the desire to enter into the private life of individuals to make a profit, have brought Facebook on a dangerous slope: when will the fateful “last drop” arrive?