Facebook Research VPN App Continues Where Onavo Left Off

Last updated September 20, 2021
Written by:
Bill Toulas
Infosec Writer

In a blatant violation of the most crucial of Apple’s developer policy guidelines, Facebook is offering its users a VPN app installed from outside the App Store, which asks for “Trust” consent with root access to all network data transmitted by the device. The collected information includes data about which apps are on the phone and how often they are used, internet browsing activity, and even interactions with other internet users. Even when the user is using app-level encryption or secure browser sessions, the data is still collected and forwarded to Facebook.

The social media giant is touting the data-collection program as a “paid social media research study”, luring users of its own and its partners’ platforms like Snapchat and Instagram. Facebook Research is installed from outside the official App Store and keeps itself updated without any interaction with it. The exact type and amount of data that Facebook collects through the VPN remain unknown, as the company has made no specific clarifications, so the people who opt into the research program have no choice but to trust what Facebook says.

The most interesting and valuable demographic is teens, as Facebook sees them gradually but steadily abandoning its platform. After all, teens are easier to convince to exchange their data for money, although Facebook also asks for parental consent when the user is between ages 13 and 17. Research participants are paid $20/month, plus another $20 for each friend the participant refers. This may not be enough to lure adults, but for teens who are low on pocket money and have not yet developed a sense of the importance of privacy, it would surely be tempting.

Facebook has invested in similar data collection apps in the past, gaining insight into what people want and foresight on which apps will experience growth in the upcoming years. Successful acquisitions like that of WhatsApp were based on insightful data collected by the controversial Onavo program. Apple decided that Onavo violated its privacy policy, so it removed the app from the store. Facebook also abandoned the Onavo app, but not the strategy of trying to collect user data. The Facebook Research app shares similar code with Onavo and points to the same URLs that Onavo used to transmit the collected data, so analysts see it as a re-branded replacement for the banned app.

With all of this having surfaced after a TechCrunch investigation, it will be interesting to see how Apple responds to the situation. Tim Cook has repeatedly criticized Facebook, and data collection brokers in general, recently writing a letter to urge Congress to take immediate action.

What action should Apple take against Facebook as punishment for ignoring the iOS app policies? Let us know your opinion in the comments section below, and don’t hesitate to do the same on our socials, on Facebook and Twitter.


