Yesterday, Techcruch published a deeply reported account of Facebook's "Project Atlas,", a "research" app whose users were paid up to $20/month (plus affiliate fees) to install on Ios devices, which exploited third parties with access to Apple's developer program to install a man-in-the-middle certificate that allowed Facebook to harvest every conceivable kind of data from its users' Iphones and other Ios devices.
The reaction was swift: Apple has terminated Facebook's developer certificate, meaning it can no longer sideload apps into Ios devices by signing them as "experimental" or "beta" apps. In its statement, Apple confirmed Techcrunch's accusations that Facebook had abused the developer certificate, saying that the Enterprise Developer Program was "solely for the internal distribution of apps," and that Facebook had violated its agreement with Apple by "using their membership to distribute a data-collecting app to consumers."
Apple previously removed Facebook's Onavo app, another fake VPN that was designed to gather data on its users, and Techcrunch speculated that the "Facebook Research"/Project Atlas app was intended as a replacement for Onavo's data.
However, Facebook disputes this. In an announcement that it is cancelling the "Facebook Research" program, the company says it has been unfairly maligned, that the 13-25-year-olds it recruited for the program were duly informed of the app's surveillance activities, and that the project was unrelated to Onavo.
“Key facts about this market research program are being ignored,” the company said. “Despite early reports, there was nothing ‘secret’ about this; it was literally called the Facebook Research App. It wasn’t ‘spying’ as all of the people who signed up to participate went through a clear on-boarding process asking for their permission and were paid to participate. Finally, less than 5 percent of the people who chose to participate in this market research program were teens. All of them with signed parental consent forms.”
Facebook will shut down its controversial market research app for iOS [Casey Newton/The Verge]
NEW: Apple now says it has revoked Facebook’s iOS developer certificate, which Apple intends to be used for a company’s employees to sideload apps without needing the App Store, not for the purpose FB used.
— Alex Heath (@alexeheath) January 30, 2019
Apple’s statement: pic.twitter.com/IvFHUfOZPq