In January, Apple’s App Store gave the heave-ho to Facebook’s snoopy Research VPN (virtual private network) app.
Now we know how many users Facebook Research got personal and sensitive device data from: 187,000, according to a letter sent by Facebook to Senator Richard Blumenthal and obtained by
TechCrunch. That’s 31,000 US users – 4,300 of whom are teenagers – and with the rest being from India. The
now-defunct Research app used its access to get what security researcher Will Strafach called “nearly limitless access.” That includes web browsing histories, encrypted messages and mobile app activity of not just the volunteer users but also, potentially, data from their friends. It was kicked from the App Store for violating Apple’s Developer Enterprise Program License Agreement by installing a root certificate. Something that’s supposed to be limited to “for use by your employees”. Facebook pushed back at the negative coverage it received following the eviction, pointing out that it wasn’t the snoopiness of the app that saw it discarded, and that users were well aware they were being snooped on.