Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Facebook's defunct Research app gleaned private data from 187,000 users

Last updated

Facebook's Research app, which was banned by Apple in January for violating App Store Review Guidelines, managed to collect personal and potentially sensitive information from some 187,000 users since 2016, according to a report on Wednesday.

The number was divulged in a letter addressed to U.S. Sen. Richard Blumenthal and subsequently seen by TechCrunch. Blumenthal has voiced criticism of Facebook's handling of user privacy matters and the lackadaisical pace of a Department of Justice investigation into the social network.

In all, Facebook said its "Project Atlas" initiative, publicly known as the Research app, obtained data from 187,000 users, including 34,000 teenagers. Of the 31,000 users who had their data collected in the U.S., 4,300 were teenagers, the letter said.

Facebook maintains the operation was driven by analytics, but notes the now-defunct app in some cases received "non-target" information.

"We did not review all of the data to determine whether it contained health or financial data," a Facebook spokesperson told the publication. "We have deleted all user-level market insights data that was collected from the Facebook Research app, which would include any health or financial data that may have existed."

Apple commented on the issue in a separate letter sent to lawmakers in March, the report said. The tech giant admitted it did not know how many devices were running the Research app, which was deployed using Enterprise Developer Certificate and VPN technology typically reserved for business applications.

"We know that the provisioning profile for the Facebook Research app was created on April 19, 2017, but this does not necessarily correlate to the date that Facebook distributed the provisioning profile to end users," said Apple director of federal affairs Timothy Powderly.

Apple caught wind of Facebook Research when a report in January outlined the data-gathering initiative that flouted the iPhone maker's developer rules. The exposé discovered Facebook paid program participants $20 plus referral fees to sideload a VPN client on their device, granting nearly unfettered access to iOS usage patterns and activity.

A day after the report went to press, Apple pulled Facebook's enterprise certificate, saying the company was in violation of its Enterprise Developer Program agreement. Google, which was running a similar analytics campaign called Screenwise Meter, saw its certificate revoked that same day.

Apple later restored privileges and in a statement to TechCrunch today confirmed both companies are in compliance with developer rules.



10 Comments

mjtomlin 20 Years · 2690 comments

So all the developers who are complaining about Apple’s control over the App Store, should thank companies like Google and Facebook for proving Apple is right.

frantisek 11 Years · 760 comments

One can understand to calls to break Facebook. Look on chatting App market. Messagger and WhatsApp are dominanting world with small exceptions and one big, China. In Africa users often have data for WhatsApp for free (not for video calls). Who pays that free?

There is no world antitrust regulator to watch situation.

christopher126 16 Years · 4366 comments

Just keep getting "Zucked" He has to go! :)

Or at least, stop tracking our kids! :)

macseeker 8 Years · 541 comments

Zuck's privacy needs to be aired. First thing is to get rid of that horrible vomiting wall he had constructed at his Hawaiian home. It's a complete abomination to the Hawaiian culture.

mikethemartian 18 Years · 1493 comments

They didn’t name it Research for nothing.