The social network is paying some users to install a VPN that allows them to monitor all the activity of a smartphone
Network security and ethical hacking specialists from the International Institute of Cyber Security claim that Facebook has been secretly paying some of its users to install a VPN, so the social network can fully monitor a user’s activity on his smartphone in a risky attempt to collect as much competitors’ information as possible.
When questioned, the social network recognized the use of a “research tool to collect user habits”.
According to the research, Facebook has been paying users between 13 and 35 years a figure that is around $20 per month in exchange for the installation of the application “Facebook Research” for about two years. The program is administered through beta testing services such as Applause, BetaBound and uTest to cover up Facebook’s participation.
The appearance of these reports shook Facebook, which announced that would close the iOS version of this tool. However, Apple released a statement last Tuesday announcing that Facebook violated some of its policies, so Apple decided to block this tool, contradicting the version that claimed that Facebook had decided to remove this application voluntarily.
Facebook Research requires users to grant extensive access to their data. Will Strafach, specialist in network security, analyzed the application and concluded that if Facebook completely uses the level of access granted by the user to this app, it can collect multiple sensitive data such as:
- Private conversations on different platforms (including multimedia files)
- Internet searches and browsing history
- Location data
According to the specialist, Facebook gets almost unlimited access to the user’s device once Facebook Research is installed. This is a sample of how far Facebook is willing to go to secure its dominant position as a social networking and data collection platform.
Apple manager Tim Cook criticized Facebook’s data collection practices, considering that the social network breached iOS data policies by collecting more data than technology companies are allowed to.
Facebook began with this practice when it acquired Onavo in 2014. The VPN conducted analysis to minimize users’ mobile data plan usage, but also collected details about other applications that were used on a device. For example, thanks to Onavo, Facebook discovered that in one day more than double messages were sent through WhatsApp that through Facebook Messenger, vital information for the social network decided to buy the instant messaging app for over $19 billion USD in 2014. Since then, Onavo began compiling useful information for Facebook’s decision making, until its closure in 2018 by criticisms of online privacy advocates.
According to network security specialists, Facebook has been paying some users to download Facebook Research tool, a similar VPN available in the mobile app stores, a research plan known as “Project Atlas.”
Program administrators seek to recruit young people between the ages of 13 and 17 (through Instagram, Snapchat, etc.) for a “paid social media research”. The program registration form mentions “although there are no risks associated with this project, the user recognizes that the nature of this program implies tracking their personal information through mobile app use”.
Facebook is especially interested in what teenagers do on their smartphones, as they are the users who have moved from this social network the most, mention experts in network security. However, Facebook’s intent has been criticized by online privacy advocates and cyber-security experts, especially at a time when the social network has been involved in so many scandals about privacy violations and misuse of personal data.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.