Facebook Under Fire Over Spy App That Snooped On Teens As Young As 13

Close up on an eye reflecting the Facebook logo
Chris Jackson / Getty Images

Facebook finds itself in the middle of yet another privacy storm today as the company’s COO, Sheryl Sandberg, tried to defend an app which spied on users as young as 13-years-old.

According to CNBC, Facebook exploited Apple’s enterprise developer certificate to distribute an app which paid the youngsters to allow Facebook to see details of all activity on their phones.

The app, which was called Onavo VPN, was removed from the Apple app store last year after it was found to be in violation of its data collection rules.

Unlike a normal VPN which is a privacy tool which encrypts people’s internet data to ensure online security and privacy, Onavo VPN did the exact opposite. It actually harvested data on everything a user did on their device and passed that information to Facebook. Facebook claims that this data was “for research purposes” and insists that all users had consented to their data being shared.

Speaking to CNBC, Sheryl Sandberg said, “I want to be clear what this is. This is a Facebook research app. It’s completely opt-in. There is a rigorous consent flow and people are compensated… The important thing is that people involved in that research project knew they were involved and consented.”

Sheryl Sandberg speaking at an event
  Drew Angerer / Getty Images

When a user downloaded Onavo VPN, they were shown a warning which said, “[t]rusting will allow any app from this enterprise developer to be used on your iPhone and may allow access to your data.”

However, critics are arguing that this message does not make clear exactly how much data and personal information the Onavo VPN app was hoovering up.

Will Strafach, an online security expert at Guardian Mobile Firewall, told the Daily Mail, “Facebook provides claims for what data they will collect, and perhaps they are true. However, they do not inform users of the massive amount of access you hand them when hitting ‘Trust’ on their Root Certificate. I do not think users can reasonably consent without this knowledge.”

He added that Sandberg’s comments in defending the Onavo VPN app were “lacking credibility.”

Sandberg is also beginning to come under more pressure personally as Facebook rolls her out again and again to try and defend their privacy lapses. Some are questioning whether it is time that she should take the fall for the litany of privacy issues which have dogged the company in recent times and lose her job with the firm.