Connect with us

Mobile

Apple bans Facebook’s Research app that paid users for data – TechCrunch

Published

on

In the wake of TechCrunch’s investigation yesterday, Apple blocked Facebook’s Research VPN app before the social network could voluntarily shut it down. The Research app asked users for root network access to all data passing through their phone in exchange for $20 per month. Apple tells TechCrunch that yesterday evening it revoked the Enterprise Certificate that allows Facebook to distribute the Research app without going through the App Store. This not only breaks the Research app, but all of Facebook’s internal-use employee apps for collaboration and logistics too, from workplace chat to the lunch menu.

TechCrunch had reported that Facebook was breaking Apple’s policy that the Enterprise system is only for distributing internal corporate apps to employees, not paid external testers. That was actually before Facebook released a statement last night saying that it had shut down the iOS version of the Research program without mentioning that it was forced by Apple to do so.

TechCrunch’s investigation discovered that Facebook has been quietly operated the Research program on iOS and Android since 2016, recently under the name Project Atlas. It recruited 13 to 35 year olds, 5 percent of which were teenagers, with ads on Instagram and Snapchat and paid them a monthly fee plus referral bonuses to install Facebook’s Research app, the included VPN app that routes traffic to Facebook, and to ‘Trust’ the company with root network access to their phone. That lets Facebook pull in a user’s web browsing activity, what apps are on their phone and how they use them, and even decrypt their encrypted traffic. Facebook went so far as to ask users to screenshot and submit their Amazon order history. Facebook uses all this data to track competitors, assess trends, and plan its product roadmap.

Facebook was forced to remove its similar Onavo Protect app in August last year after Apple changed its policies to prohibit the VPN app’s data collection practices. But Facebook never shut down the Research app with the same functionality it was running in parallel. In fact, TechCrunch commissioned security expert Will Strafach to dig into the Facebook Research app, and we found that it featured tons of similar code and references to Onavo Protect. That means Facebook was purposefully disobeying the spirit of Apple’s 2018 privacy policy change while also abusing the Enterprise Certificate program.

Sources tell us that Apple revoking Facebook’s Enterprise Certificate has broken all of the company’s legitimate employee-only apps. Those include pre-launch internal-testing versions of Facebook and Instagram, as well as the employee apps for coordinating office collaboration, commutes, seeing the day’s lunch schedule, and more. That’s causing mayhem at Facebook, disrupting their daily work flow and ability to do product development. We predicted yesterday that Apple could take this drastic step to punish Facebook much harder than just removing its Research app. The disruption will translate into a huge loss of productivity for Facebook’s 33,000 employees.

[Update: Facebook later confirmed to TechCrunch that its internal apps were broken by Apple’s punishment Wednesday morning and that it’s in talks with Apple to try to resolve the issue and get their employee tools running again. Around 3pm pacific on Thursday, Apple restored Facebook’s Enterprise Certificate, thereby reactivating its internal employee apps. The nearly two work day-long disrupt to its workflow might make Facebook think twice about messing with Apple again.]

For reference, Facebook’s main iOS app still functions normally. Also, you can’t get paid for installing Onavo Protect on Android, only for the Facebook Research app. And Facebook isn’t the only one violating Apple’s Enterprise Certificate policy, as TechCrunch discovered Google’s Screenwise Meter surveillance app breaks the rules too.

This morning, Apple informed us it had banned Facebook’s Research app yesterday before the social network seemingly pulled it voluntarily. Apple provided us with this strongly worded statement condemning the social network’s behavior:

“We designed our Enterprise Developer Program solely for the internal distribution of apps within an organization. Facebook has been using their membership to distribute a data-collecting app to consumers, which is a clear breach of their agreement with Apple. Any developer using their enterprise certificates to distribute apps to consumers will have their certificates revoked, which is what we did in this case to protect our users and their data.”

That comes in direct contradiction to Facebook’s initial response to our investigation. Facebook claimed it was in alignment with Apple’s Enterprise Certificate policy and that the program was no different than a focus group.

Seven hours later, a Facebook spokesperson said it was pulling its Research program from iOS without mentioning that Apple forced it to do so, and issued this statement disputing the characterization of our story:

“Key facts about this market research program are being ignored. Despite early reports, there was nothing ‘secret’ about this; it was literally called the Facebook Research App. It wasn’t ‘spying’ as all of the people who signed up to participate went through a clear on-boarding process asking for their permission and were paid to participate. Finally, less than 5 percent of the people who chose to participate in this market research program were teens. All of them with signed parental consent forms.”

We refute those accusations by Facebook. As we wrote yesterday night, Facebook did not publicly promote the Research VPN itself and used intermediaries that often didn’t disclose Facebook’s involvement until users had begun the signup process. While users were given clear instructions and warnings, the program never stresses nor mentions the full extent of the data Facebook can collect through the VPN. A small fraction of the users paid may have been teens, but we stand by the newsworthiness of its choice not to exclude minors from this data collection initiative.

Senator Mark Warner has since called on Facebook CEO Mark Zuckerberg to support legislation requiring individual informed consent for market research initiatives like Facebook Research. Meanwhile, Senator Richard Blumenthal issued a fierce statement that “Wiretapping teens is not research, and it should never be permissible.”

The situation will surely worsen the relationship between Facebook and Apple after years of mounting animosity between the tech giants. Apple’s Tim Cook has repeatedly criticized Facebook’s data collection practices, and Zuckerberg has countered that it offers products for free for everyone rather than making products few can afford like Apple. Flared tensions could see Facebook receive less promotion in the App Store, fewer integrations into iOS, and more jabs from Cook. Meanwhile, the world sees Facebook as having been caught red-handed threatening user privacy and breaking Apple policy.

Source link

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Mobile

Apple’s App Privacy Report launches into beta to show you what your apps are up to – TechCrunch

Published

on

Apple has now launched a beta version of its “App Privacy Report,” a new feature that aims to provide iOS users with details about how often their everyday apps are requesting access to sensitive information, and where that information is being shared. The feature was first introduced at Apple’s Worldwide Developer Conference in June, amid other privacy-focused improvements, including tools to block tracking pixels in emails, a private VPN, and more. Apple explained at the time the new report would include details about an app’s access to user data and sensors, including the user’s location, photos, contacts, and more, as well as a list of domains that the app contacts.

Though announced as a part of the iOS 15 update, the App Privacy Report was not available when the new version of iOS rolled out earlier this fall. It’s still not accessible to the general public but has entered into a wider beta test with the release of the iOS 15.2 and iPadOS 15.2 betas.

The new report goes beyond the potentially fallible App Privacy labels, which detail what sort of sensitive data an app collects and how it’s used. Developers may not always fill out their labels accurately — either by mistake or with a desire to mislead end users — and Apple’s App Review team may not always catch those ommissions.

Instead, the new App Privacy Report works to collect information about how apps are behaving more directly.

When enabled by users in their device’s Privacy Settings, the App Privacy Report will create a list of their apps’ activity over the past seven days. You can then tap on any app to see further details about when the app last accessed sensitive data or one of the device’s sensors — like the microphone or location, for example. This information is available in a list where each access is logged with a timestamp.

In another section, “App Network Activity,” users will be able to see a list of domains apps have communicated with over the past seven days. This list could include domains used by the app itself to provide its functionality, but will also reveal those from third-party trackers and analytics providers the app works with for analytics and advertising purposes, for example.

The “Website Network Activity” offers a similar list, but focuses on websites that contacted domains, some of which may have been provided by an app. You can also view the most contacted domains and drill down into individual domains to see which trackers and analytics they may be using as well as which apps have been contacting them, and when.

Ahead of the beta launch, Apple made a feature called “Record App Activity” available, which allowed developers to preview what users would see when the App Privacy Report became available. This option produced a JSON file where they could confirm their app was behaving as expected. Already, this feature produced some interesting findings. For instance, Chinese super app WeChat was found to be scanning users’ phones for new photos every few hours.

While the App Privacy Report will put into users’ hands a treasure trove of data, it could present complications for developers who may have to now explain to users that some of these data requests are not truly privacy violations — they’re about providing the promised app functionality. A weather app, for example, may need to pull a users’ location on a regular basis if the user has requested push notifications about changing weather patterns, like storm updates, to help them prepare for travel.

When presenting the app to developers, Apple said the report would give them an opportunity to “build trust” with users by providing transparency about what their app is doing. The company also suggested it could give the developers themselves better insight into the SDKs they’ve chosen to install, to ensure their behavior aligns with what the developer wants and expects.

Apple has not said when the new feature may exit beta, but it’s possible it will ship when iOS 15.2 becomes publicly available.

Continue Reading

Mobile

Bolt to expand EV option in South Africa – TechCrunch

Published

on

Estonian on-demand transport firm Bolt is set to roll out electric taxi options in South Africa four months after introducing e-bike food delivery services in the country.

Bolt’s plan follows the introduction of a ‘green category’ – which lets riders hail an electric or a hybrid vehicle. This comes as the company expands its services to environmentally friendly modes of transport.

“We are looking to roll out a green taxi category in South Africa in the next few months, and plan to roll out green categories in other African markets,” said Bolt’s regional director for Africa and Middle East, Paddy Partridge.

The company already offers a green option in Kenya, where it also runs e-bike food delivery. It also plans to launch e-mobility options for food delivery in its other markets across East Africa, including Uganda and Tanzania. 

Founded in 2013 by Markus Villig, the tech firm, which has operations in 45 countries – including seven in Africa – runs a gamut of services comprising ride-hailing, car, scooter and bike rentals, food delivery, and recently grocery delivery, fashioning itself as a transport and deliveries company.

“In East Africa we see a lot of potential on the motorbike side, and especially for delivery. We plan to invest more in this direction as it also serves to eliminate the challenges associated with constantly fluctuating fuel prices, currently the most significant operating cost for our couriers,” said Partridge.

Opportunities for electric mobility are said to be huge, but a majority of countries lack the necessary infrastructure to support their adoption, says a UNEP report

A lack of recharging infrastructure, low grid power connectivity, and generally expensive e-vehicles remain hindrances to the adoption of electric transportation options in many African countries. 

A transition to electric power would offer countries in sub-Saharan Africa a range of gains, including affordable transport and a reduction in emissions, with fossil-fuel vehicles contributing 12% of the region’s total emissions, according to the SSA Nature Sustainability report.

Bolt is planning arrangements with banking institutions in its markets in Africa to help its drivers access credit for purchasing electric vehicles, exploring other options away from its current scheme with leasing companies.

“The purchase cost and import duties are often high, thereby deterring ownership. We are exploring a number of vehicle financing partnerships in Kenya and South Africa for electric cars and bikes, which would help make it easier for drivers to get access to, and eventually own, electric vehicles,” he said.

The company’s plan to expand its offering across the continent comes in the wake of growing competition from companies such as Uber, which is currently testing a carpooling service in Nairobi, with plans to roll it out in Ghana and Nigeria.

Bolt recently launched the food delivery service in Nigeria, and also expanded its reach in South Africa by rolling out the service in Johannesburg after introducing it in Cape Town last year.

This comes in the wake of the company’s recent $696 million (€600M) funding round that the tech firm said will go into growing the new grocery delivery service, Bolt Market, as well as in expanding its other transport and delivery services. 

Sequoia Capital, Tekne Capital, and Ghisallo, G Squared, D1 Capital, and Naya Capital are some of the investors that participated in the funding round that increased its valuation to €4 billion. The new funding came after the International Finance Corporation injected $24 million (€20) into the business at the beginning of the year.

Among the services it is looking to grow is Bolt Drive, the car rental service launched early this year to offer different choices including compact, mid-size, electric, premium, SUV, and van. The service is currently available in Estonia’s capital Tallin with plans to roll it out in other Europe and Africa markets. Bolt Drive adds to the micro-mobility options – scooters and e-bikes – that the company introduced in line with its goal of availing to the masses, more budget environmentally friendly transport solutions. The e-mobility service is available in over 100 cities across Europe.

“We continue to scale up our operations for the benefit of our customers.  Our core business is to provide reliable, safe and affordable transportation services to everyone and we are excited to make travel easier and quicker in many cities across the continent,” said Partridge.

Continue Reading

Mobile

Google announces Android 12L, a feature drop for large-screen devices – TechCrunch

Published

on

Google today announced a preview of Android 12L, which sounds like a new version of Android, but Google calls it “a special feature drop that makes Android 12 even better on large screens.”

The idea here is to provide users on tablets, foldables and Chrome OS laptops — anything with a screen above 600 dp — with an improved user interface.

The developer preview of Android 12L is now available for developers who want to give it a try, as well as a new Android 12L emulator and support for it in Android Studio. 

But 12L is also for phones, Google says, confusing no one. Since you won’t really see most of the new features there, though, the focus right now is on other devices, with beta enrollments for Pixel devices launching later in the preview.

Since Google calls it a ‘feature drop’ and ‘feature update’ in its announcement today, we’re not looking at a full fork of Android for these devices the way Apple split up iOS and iPadOS. Instead, it’s an update for large-screen devices that introduces additional multitasking tools and an optimized user interface. By default, Android 12L should also make apps look better on these devices, too. 

Image Credits: Google

Specifically, this means Google refined how notifications, quick settings, lock screen, overview and the home screen look on large screens. System apps on Android 12L have also been optimized, too. 

What’s probably most interesting here is the new multitasking features, with a new taskbar that is a bit reminiscent of iPadOS. Android already supported split-screen mode on tablets, but Google notes that it’s now more discoverable. You simply drag and drop an icon from the taskbar onto the screen to invoke it. This also means every app on Android is now enabled to support split-screen mode (something that developer previously had to opt-in to).

Google plans to release 12L early next year, “in time for the next wave of Android 12 tablets and foldable.” We should probably expect to hear a lot about Android tablets and foldable at MWC then.

In addition to Android 12L, Google also today announced new features in OS and Play for developers to better support these devices. These include updates to its Material Design guidance for large-screen devices, but also updates to Jetpack Compose to make it easier to build for these machines and to ensure that apps can more easily adapt to various screen orientations and sizes. Android Studio is also getting a resizable emulator to help developers test their apps on a wider variety of screen sizes and a new visual linting tool to surface UI warnings and suggestions when the layout has issues.

As for Google Play, the company will now check apps against its large screen app quality guidelines and its search rankings will take the results of this into account. “For apps that are not optimized for large screens, we’ll start warning large screen users with a notice on the app’s Play Store listing page,” Google says. 

Continue Reading

Trending