Apple Revoked Facebook’s Developer Credentials Over An App That Mined Teenagers’ Device Data

The Facebook Research app paid people as young as 13 $20 per month in order to access data, including web searches and emails.

Last night, Apple revoked Facebook’s enterprise developer certificate over an app in flagrant violation of Apple’s developer policies. Called “Facebook Research,” that iOS app paid volunteers between the ages of 13 and 35 $20 a month in order to access nearly all their personal data — emails, web searches, internet browsing activity, and private messages on iPhones and iPads.

On Thursday afternoon, a Facebook spokesperson confirmed that the company’s Enterprise Certification — and thus, its internal employee applications — was restored by Apple. “We are in the process of getting our internal apps up and running. To be clear, this didn’t have an impact on our consumer-facing services,” the spokesperson added.

The social media giant used the private data of people who installed its app for market research to identify who its competitors were.

Facebook Research bypassed Apple’s App Store by allowing users to side-load it on iPhones and iPads in a way that violated Apple’s policies. Facebook shut the iOS version of the app down after Apple yanked the company’s developer credentials.

Apple said in a statement Wednesday: “We designed our Enterprise Developer Program solely for the internal distribution of apps within an organization. Facebook has been using their membership to distribute a data-collecting app to consumers, which is a clear breach of their agreement with Apple. Any developer using their enterprise certificates to distribute apps to consumers will have their certificates revoked, which is what we did in this case to protect our users and their data.”

This is not the first time Facebook has run afoul of Apple’s developer policies. When its data-collecting Onavo VPN app was booted from the App Store last August, the company said, “As a developer on Apple’s platform, we follow the rules they’ve put in place.”

Apple’s decision to revoke Facebook’s developer certificate came just hours after TechCrunch first wrote about the Facebook Research app. The app will, however, continue to be available on Android.

In a statement issued to BuzzFeed News, a Facebook spokesperson said:

Key facts about this market research program are being ignored. Despite early reports, there was nothing “secret” about this; it was literally called the Facebook Research App. It wasn’t “spying” as all of the people who signed up to participate went through a clear on-boarding process asking for their permission and were paid to participate. Finally, less than 5 percent of the people who chose to participate in this market research program were teens, all of them with signed parental consent forms.

Facebook previously collected similar data through an app called Onavo Protect, a VPN service that it acquired in 2013.

Facebook took down Onavo Protect from Apple’s App Store in 2018 after Apple said that it violated its policies that state that apps should not collect information about which other apps are installed on a user’s device for marketing or analytics, but according to TechCrunch, a lot of the code in the Facebook Research app is similar to Onavo Protect.


Updated with comment from Apple.


Topics in this article

Skip to footer