Facebook is in hot water once again. According to a new report by TechCrunch, the company has been secretly paying volunteers to install a 'research app', which harvests all of the user's phone and web activity. People aged 13 to 35 were paid as little as $20 a month in exchange for all of their data.
The research program has been underway since 2016, encouraging users to sell their privacy on both iOS and Android devices by installing a "Facebook research" app. The social media giant cleverly tried to hide its involvement by administering it through other beta testing services - Applause, BetaBound and uTest. Ads for the program run by uTest, for example, could be found on Instagram and Snapchat. They only mention a "paid social media research study" - Facebook's name is nowhere to be found.
The app itself requires users to install a custom root certificate. Speaking to TechCrunch, Guardian Mobile Firewall’s security expert Will Strafach stated that: "If Facebook makes full use of the level of access they are given by asking users to install the Certificate, they will have the ability to continuously collect the following types of data: private messages in social media apps, chats from in instant messaging apps – including photos/videos sent to others, emails, web searches, web browsing activity, and even ongoing location information by tapping into the feeds of any location tracking apps you may have installed.” Users were also allegedly asked to screenshot their Amazon purchase history and send it to Facebook.
Not only is this incredibly invasive, but Facebook likely violated Apple policy by using enterprise certificates to grant root access to iPhones. However, since the initial publication of the report, Facebook itself has told TechCrunch that it will shut down the iOS version of its app. The same does not apply to Android, where the program will continue to run.
What do you think about Facebook's research app? Would you be willing to sell your data for $20 a month? Let us know in the comments.