Facebook Pulls Security App From Apple Store Over Privacy
28.8.18 securityweek Social
Facebook has pulled one of its own products from Apple's app store because it didn't want to stop tracking what people were doing on their iPhones. Facebook also banned a quiz app from its social network for possible privacy intrusions on about 4 million users.
The twin developments come as Facebook is under intense scrutiny over privacy following the Cambridge Analytica scandal earlier this year. Allegations that the political consultancy used personal information harvested from 87 million Facebook accounts have dented Facebook's reputation.
Since the scandal broke, Facebook has investigated thousands of apps and suspended more than 400 of them over data-sharing concerns.
The social media company said late Wednesday that it took action against the myPersonality quiz app, saying that its creators refused an inspection. But even as Facebook did that, it found its own Onavo Protect security app at odds with Apple's tighter rules for applications.
Onavo Protect is a virtual-private network service aimed at helping users secure their personal information over public Wi-Fi networks. The app also alerts users when other apps use too much data.
Since acquiring Onavo in 2013, Facebook has used it to track what apps people were using on phones. This surveillance helped Facebook detect trendy services, tipping off the company to startups it might want to buy and areas it might want to work on for upcoming features.
Facebook said in a statement that it has "always been clear when people download Onavo about the information that is collected and how it is used."
But Onavo fell out of compliance with Apple's app-store guidelines after they were tightened two months ago to protect the reservoir of personal information that people keep on their iPhones and iPads.
Apple's revised guidelines require apps to get users' express consent before recording and logging their activity on a device. According to Apple, the new rules also "made it explicitly clear that apps should not collect information about which other apps are installed on a user's device for the purposes of analytics or advertising/marketing."
Facebook will still be able to deploy Onavo on devices powered by Google's Android software.
Onavo's ouster from Apple's app store widens the rift between two of the world's most popular companies.
Apple CEO Tim Cook has been outspoken in his belief that Facebook does a shoddy job of protecting its 2.2 billion users' privacy — something that he has framed as "a fundamental human right."
Cook sharpened his criticism following the Cambridge Analytica scandal. He emphasized that Apple would never be caught in the same situation as Facebook because it doesn't collect information about its customers to sell advertising. Facebook CEO Mark Zuckerberg fired back in a separate interview and called Cook's remarks "extremely glib." Zuckerberg implied that Apple caters primarily to rich people with a line of products that includes the $1,000 iPhone X.
Late Wednesday, Facebook said it moved to ban the myPersonality app after it found user information was shared with researchers and companies "with only limited protections in place." The company said it would notify the app's users that their data may have been misused.
It said myPersonality was "mainly active" prior to 2012. Though Facebook has tightened its rules since then, it is only now reviewing those older apps following the Cambridge Analytica scandal.
The app was created in 2007 by researcher David Stillwell and allowed users to take a personality questionnaire and get feedback on the results.
"There was no misuse of personal data," Stillwell said in a statement, adding that "this ban appears to be purely cosmetic." Stillwell said users gave their consent and the app's data was fully anonymized before it was used for academic research. He also rejected Facebook's assertion that he refused to submit to an audit.