Facebook's defunct Research app gleaned private data from 187,000 users
Facebook's Research app, which was banned by Apple in January for violating App Store Review Guidelines, managed to collect personal and potentially sensitive information from some 187,000 users since 2016, according to a report on Wednesday.
The number was divulged in a letter addressed to U.S. Sen. Richard Blumenthal and subsequently seen by TechCrunch. Blumenthal has voiced criticism of Facebook's handling of user privacy matters and the lackadaisical pace of a Department of Justice investigation into the social network.
In all, Facebook said its "Project Atlas" initiative, publicly known as the Research app, obtained data from 187,000 users, including 34,000 teenagers. Of the 31,000 users who had their data collected in the U.S., 4,300 were teenagers, the letter said.
Facebook maintains the operation was driven by analytics, but notes the now-defunct app in some cases received "non-target" information.
"We did not review all of the data to determine whether it contained health or financial data," a Facebook spokesperson told the publication. "We have deleted all user-level market insights data that was collected from the Facebook Research app, which would include any health or financial data that may have existed."
Apple commented on the issue in a separate letter sent to lawmakers in March, the report said. The tech giant admitted it did not know how many devices were running the Research app, which was deployed using Enterprise Developer Certificate and VPN technology typically reserved for business applications.
"We know that the provisioning profile for the Facebook Research app was created on April 19, 2017, but this does not necessarily correlate to the date that Facebook distributed the provisioning profile to end users," said Apple director of federal affairs Timothy Powderly.
Apple caught wind of Facebook Research when a report in January outlined the data-gathering initiative that flouted the iPhone maker's developer rules. The expos discovered Facebook paid program participants $20 plus referral fees to sideload a VPN client on their device, granting nearly unfettered access to iOS usage patterns and activity.
A day after the report went to press, Apple pulled Facebook's enterprise certificate, saying the company was in violation of its Enterprise Developer Program agreement. Google, which was running a similar analytics campaign called Screenwise Meter, saw its certificate revoked that same day.
Apple later restored privileges and in a statement to TechCrunch today confirmed both companies are in compliance with developer rules.
The number was divulged in a letter addressed to U.S. Sen. Richard Blumenthal and subsequently seen by TechCrunch. Blumenthal has voiced criticism of Facebook's handling of user privacy matters and the lackadaisical pace of a Department of Justice investigation into the social network.
In all, Facebook said its "Project Atlas" initiative, publicly known as the Research app, obtained data from 187,000 users, including 34,000 teenagers. Of the 31,000 users who had their data collected in the U.S., 4,300 were teenagers, the letter said.
Facebook maintains the operation was driven by analytics, but notes the now-defunct app in some cases received "non-target" information.
"We did not review all of the data to determine whether it contained health or financial data," a Facebook spokesperson told the publication. "We have deleted all user-level market insights data that was collected from the Facebook Research app, which would include any health or financial data that may have existed."
Apple commented on the issue in a separate letter sent to lawmakers in March, the report said. The tech giant admitted it did not know how many devices were running the Research app, which was deployed using Enterprise Developer Certificate and VPN technology typically reserved for business applications.
"We know that the provisioning profile for the Facebook Research app was created on April 19, 2017, but this does not necessarily correlate to the date that Facebook distributed the provisioning profile to end users," said Apple director of federal affairs Timothy Powderly.
Apple caught wind of Facebook Research when a report in January outlined the data-gathering initiative that flouted the iPhone maker's developer rules. The expos discovered Facebook paid program participants $20 plus referral fees to sideload a VPN client on their device, granting nearly unfettered access to iOS usage patterns and activity.
A day after the report went to press, Apple pulled Facebook's enterprise certificate, saying the company was in violation of its Enterprise Developer Program agreement. Google, which was running a similar analytics campaign called Screenwise Meter, saw its certificate revoked that same day.
Apple later restored privileges and in a statement to TechCrunch today confirmed both companies are in compliance with developer rules.
Comments
There is no world antitrust regulator to watch situation.
Or at least, stop tracking our kids!
With Trump saying he welcomes election interference in 2020 because it is now normal and acceptable, will Facebook continue to support foreign disinformation campaigns? Or maybe ramp it up? Those hundreds of thousands of provocative posts sell lots of clicks -- and clicks mean revenue.
"Nor did we bother with pesky due diligence to see exactly what data the app could collect."
So were they out of compliance at the time the certification was pulled, and was something changed in the app to bring it into compliance? Or did Apple move too quick?
They don't call it 'getting Zucked' for nothing.
"Don't Be Evil" and "Do the Right Thing" are cynical mottos and as meaningless as the "meek shall inherit the Earth".