Instead of downloading the app through the App Store or through Apple’s own test program, Apple TestFlight, users received it through three different beta testing services: BetaBound, uTest and Applause. These three services specifically placed ads on Instagram and Snapchat, focusing on the demographic age from 13 to 35 years, stating that this is a “paid research on social networks.” When registering in the application, minors are invited to ask for parental permission through the form. One form says: “There are no known risks associated with the project, but you acknowledge that the internal nature of the project is related to tracking personal information through your child’s applications.
Here is the disclaimer when users download the Facebook Research app from Applause (acquired by TechCrunch):
“By installing software, you give our client permission to collect data from your phone, which will help them understand how you browse the Internet and how you use functions in the applications you have installed … This means that you” allow our client to collect information such How, what applications are on your phone, how and when you use them, information about your actions and content in these applications, as well as how other people interact with you or your content in these applications. also allowing our client to collect information about your online activities (including the sites you visit and the exchange of data between your device and those sites) and your use of other online services. In some cases, our client will collect this information even where the application uses encryption or from secure browser sessions. "
According to Will Strafach, a security expert authorized by TechCrunch, the access level provided by Facebook Research can lead the company to collect all sorts of data, including private messages, instant messaging chats, including photos and videos, emails, Online activity and even location information.
Instead of downloading the application from Apple, users downloaded it from a separate Facebook URL, offered to install an Enterprise Developer Certificate and allow root access to their phone. One applause program even asked users to provide screenshots of their Amazon order history. If users supported VPN and sent data to Facebook, they were paid through electronic gift certificates.
Facebook recognized the existence of this program for TechCrunch: “Like many companies, we invite people to take part in research that helps us determine what we can do better. Since this study aims to help Facebook understand how people use their mobile devices, we have provided extensive information about the type of data we collect and how they can participate. We do not share this information with others, and people can stop participating at any time. ”
According to the representative of Facebook, the company does not violate the rules of Apple, because the application is distributed under the Apple Enterprise Certificate program. But since the Certificate program is intended primarily for internal use by developers, and not as a public beta, where users are paid, it is not clear whether this is so.