Facebook bypasses Apple App Store restrictions to pay users for root access

In August 2018, Apple forced Facebook to remove its Onava VPN from the App Store because the Facebook had been using it to harvest data across multiple apps and track user activity. In January 2019, a TechCrunch investigation revealed that in a separate part of the same programme Facebook had been paying users aged 13 to 35 to download a "Facebook Research" VPN and give it root access to their devices to enable it to collect data on their usage habits. The programmed, known as "Project Atlas", exploited Apple's Enterprise Developer Program, which allows organisations to distribute apps internally; Facebook used its membership to bypass the App Store. A month later, Facebook followed up by withdrawing Onavo from the Google Play Store. The programme, which began in 2016, enabled Facebook to decide which of its competitors' features to copy or avoid.

Facebook used the beta testing services Applause, BetaBound, and uTest to distribute the app on its behalf and cloak its involvement. Recruitment ads on services such as Instagram and Snapchat sought teens aged 13 to 17 for a "paid social media research study". The ads typically didn't mention Facebook, thought further documentation generally did.

https://techcrunch.com/2019/01/31/facebook-researchgate/

https://techcrunch.com/2019/02/21/facebook-removes-onavo/

Writer: Josh Constine

Publication: TechCrunch