Apple hits back at Facebook for privacy-invasive VPN targeted at teens

Pixabay (CC-BY)

Apple calls Facebook’s secretive app a ‘clear breach’ of its rules.

Apple has responded to the news that Facebook used their special developer program, designed to let companies share apps internally, to target a privacy-invasive VPN towards teenagers.

First revealed by TechCrunch Tuesday, the report indicated how the social media company secretly used Apple’s Enterprise Developer Program to pay teens $20 per month to use its Facebook Research app. The news comes after Apple already banned Facebook’s data-harvesting Onavo VPN app from its app store in June of last year.

In response to the controversy, Apple released a statement condemning Facebook for what they say was a breach of agreement.

“We designed our Enterprise Developer Program solely for the internal distribution of apps within an organization,” an Apple spokesperson said. “Facebook has been using their membership to distribute a data-collecting app to consumers, which is a clear breach of their agreement with Apple. Any developer using their enterprise certificates to distribute apps to consumers will have their certificates revoked, which is what we did in this case to protect our users and their data.”

Apple also revoked the app from its developer program, cutting off Facebook’s ability to further distribute the VPN.

Although the primary purpose of a VPN is to protect one’s internet activity, TechCrunch discovered that Facebook’s app was able to decrypt and analyze users’ phone activity.

Among the data collected, the VPN was able to grab everything from private messages off of social media and messaging apps to screenshots of a user’s Amazon order history page.

Facebook attempted to downplay the app’s discovery by arguing that it was never truly secret in a statement to TechCrunch.

“Key facts about this market research program are being ignored. Despite early reports, there was nothing ‘secret’ about this; it was literally called the Facebook Research App,” the spokesperson argued. “It wasn’t ‘spying’ as all of the people who signed up to participate went through a clear on-boarding process asking for their permission and were paid to participate. Finally, less than 5 percent of the people who chose to participate in this market research program were teens. All of them with signed parental consent forms.”

The incident, regardless of Facebook’s strongly-worded response, will undoubtedly further tarnish the social media company’s public image.

Mikael Thalen

Mikael Thalen

Mikael Thalen is a tech and security reporter based in Seattle, covering social media, data breaches, hackers, and more.