Apple says Facebook can no longer distribute an app that paid users, including teenagers, to extensively track their phone and web use.
The tech blog TechCrunch reported late Tuesday that Facebook paid users about $20 US ($26) a month to use the Facebook Research app. While Facebook says this was done with permission, the company has a history of defining “permission” loosely and obscuring what data it collects.
Facebook says fewer than 5 per cent of the app’s users were teens and they had parental permission. Nonetheless, the revelation is yet another blemish on Facebook’s track record on privacy and could invite further regulatory scrutiny.
App store circumvented
According to TechCrunch, Facebook sidestepped Apple’s app store and its tighter rules on privacy. Apple says Facebook was using a distribution mechanism meant for company employees, not outsiders, so Apple has revoked that capability.
This is very flagrantly not allowed.– Will Strafach, mobile app security researcher
As of Wednesday, a disclosure form on Betabound, one of the services that distributed Facebook Research, informed prospective users that by installing the software, they are letting Facebook collect a range of data. This includes information on apps you have installed, when you use them and what you do on them. Information is also collected on how other people interact with users and their content within those apps, according to the disclosure.
Betabound warned that Facebook may collect information even when an app or web browser uses encryption.
Mobile app security researcher Will Strafach, who studied the app on TechCrunch’s behalf, told The Associated Press that he was aghast to discover Facebook caught red-handed violating Apple’s trust. He said such traffic-capturing tools are only supposed to be for trusted partners to use internally. Instead, he said Facebook was scooping up all incoming and outgoing data traffic from unwitting members of the public — in an app geared toward teenagers.
“This is very flagrantly not allowed,” said Strafach, CEO of Guardian Mobile Firewall. “It’s mind-blowing how defiant Facebook was acting.”
He called “muddying the waters” any attempt by Facebook to claim that users who installed the apps understood the unrestrained scope of the data collection.
“I don’t think they make it very clear to users precisely what level of access they were granting when they gave permission,” Strafach said. “There is simply no way the users understood this.”
Source : cbc