Apple busts Facebook for distributing data-sucking app

Author: 
By BARBARA ORTUTAY | AP
ID: 
1548890149011122200
Thu, 2019-01-31 03:00

NEW YORK: Apple says Facebook can no longer distribute an app
that paid users, including teenagers, to extensively track their
phone and web use.
In doing so, Apple closed off Facebook’s efforts to sidestep
Apple’s app store and its tighter rules on privacy.
The tech blog TechCrunch reported late Tuesday that Facebook paid
people about $20 a month to install and use the Facebook Research
app. While Facebook says this was done with permission, the company
has a history of defining “permission” loosely and obscuring
what data it collects.
“I don’t think they make it very clear to users precisely what
level of access they were granting when they gave permission,”
mobile app security researcher Will Strafach said Wednesday.
“There is simply no way the users understood this.”
He said Facebook’s claim that users understood the scope of data
collection was “muddying the waters.”
Facebook says fewer than 5 percent of the app’s users were teens
and they had parental permission. Nonetheless, the revelation is
yet another blemish on Facebook’s track record on privacy and
could invite further regulatory scrutiny.
And it comes less than a week after court documents revealed that
Facebook allowed children to rack up huge bills on digital games
and that it had rejected recommendations for addressing it for fear
of hurting revenue growth.
For now, the app appears to be available for Android phones, though
not through Google’s main app store. Google had no comment
Wednesday.

Apple said Facebook was distributing Facebook Research through an
internal-distribution mechanism meant for company employees, not
outsiders. Apple has revoked that capability.
TechCrunch reported separately Wednesday that Google was using the
same privileged access to Apple’s mobile operating system for a
market-research app, Screenwise Meter. Asked about it by The
Associated Press, Google said it had disabled the app on Apple
devices and apologized for its “mistake.”
The company said Google had always been “upfront with users”
about how it used data collected by the app, which offered users
points that could be accrued for gift cards. In contrast to the
Facebook Research app, Google said its Screenwise Meter app never
asked users to let the company circumvent network encryption,
meaning it is far less intrusive.
Facebook is still permitted to distribute apps through Apple’s
app store, though such apps are reviewed by Apple ahead of time.
And Apple’s move Wednesday restricts Facebook’s ability to test
those apps — including core apps such as Facebook and Instagram
— before they are released through the app store.
Facebook previously pulled an app called Onavo Protect from
Apple’s app store because of its stricter requirements. But
Strafach, who dismantled the Facebook Research app on
TechCrunch’s behalf, told the AP that it was mostly Onavo
repackaged and rebranded, as the two apps shared about 98 percent
of their code.
As of Wednesday, a disclosure form on Betabound, one of the
services that distributed Facebook Research, informed prospective
users that by installing Facebook Research, they are letting
Facebook collect a range of data. This includes information on apps
users have installed, when they use them and what they do on them.
Information is also collected on how other people interact with
users and their content within those apps, according to the
disclosure.
Betabound warned that Facebook may collect information even when an
app or web browser uses encryption.
Strafach said emails, social media activities, private messages and
just about anything else could be intercepted. He said the only
data absolutely safe from snooping are from services, such as
Signal and Apple’s iMessages, that fully encrypt messages prior
to transmission, a method known as end-to-end encryption.
Strafach, who is CEO of Guardian Mobile Firewall, said he was
aghast to discover Facebook caught red-handed violating Apple’s
trust.
He said such traffic-capturing tools are only supposed to be for
trusted partners to use internally. Instead, he said Facebook was
scooping up all incoming and outgoing data traffic from unwitting
members of the public — in an app geared toward teenagers.
“This is very flagrantly not allowed,” Strafach said. “It’s
mind-blowing how defiant Facebook was acting.”

Facebook has ‘new tools’ against EU election meddling’We
don’t sell people’s data,’ says Facebook’s Zuckerberg
Source: *FS – All – Science News Net
Apple busts Facebook for distributing data-sucking app