Connect with us

Mobile

Facebook admits 18% of Research spyware users were teens, not – TechCrunch

Published

on

Facebook has changed its story after initially trying to downplay how it targeted teens with its Research program that a TechCrunch investigation revealed was paying them gift cards to monitor all their mobile app usage and browser traffic. “Less than 5 percent of the people who chose to participate in this market research program were teens” a Facebook spokesperson told TechCrunch and many other news outlets in a damage control effort 7 hours after we published our report on January 29th. At the time,  Facebook claimed that it had removed its Research app from iOS. The next morning we learned that wasn’t true, as Apple had already forcibly blocked the Facebook Research app for violating its Enterprise Certificate program that supposed to reserved for companies distributing internal apps to employees.

It turns out that wasn’t the only time Facebook deceived the public in its response regarding the Research VPN scandal. TechCrunch has obtained Facebook’s unpublished February 21st response to questions about the Research program in a letter from Senator Mark Warner, who wrote to CEO Mark Zuckerberg that “Facebook’s apparent lack of full transparency with users – particularly in the context of ‘research’ efforts – has been a source of frustration for me.”

In the response from Facebook’s VP of US public policy Kevin Martin, the company admits that (emphasis ours) “At the time we ended the Facebook Research App on Apple’s iOS platform, less than 5 percent of the people sharing data with us through this program were teens. Analysis shows that number is about 18 percent when you look at the complete lifetime of the program, and also add people who had become inactive and uninstalled the app.” So 18 percent of research testers were teens. It was only less than 5 percent when Facebook got caught. Given users age 13 to 35 were eligible for Facebook’s Research program, 13 to 18 year olds made of 22 percent of the age range. That means Facebook clearly wasn’t trying to minimize teen involvement, nor were they just a tiny fraction of users.

WASHINGTON, DC – APRIL 10: Facebook co-founder, Chairman and CEO Mark Zuckerberg testifies before a combined Senate Judiciary and Commerce committee hearing in the Hart Senate Office Building on Capitol Hill April 10, 2018 in Washington, DC. (Photo by Chip Somodevilla/Getty Images)

Warner asked Facebook “Do you think any use reasonable understood Facebook was using this data for commercial purposes includingto track competitors?” Facebook response indicates it never told Research users anything about tracking “competitors”, and instead dances around the question. Facebook says the registration process told users the data would help the company “understand how people use mobile apps,” “improve . . . services,” and “introduce new features for millions of people around the world.”

Facebook had also told reporters on January 29th regarding teens’ participation, “All of them with signed parental consent forms.” Yet in its response to Senator Warner, Facebook admitted that “Potential participants were required to confirm that they were over 18 or provide other evidence of parental consent, though the vendors did not require a signed parental consent form for teen users.” In some cases, underage users merely had to check a box to claim they had parental consent, and there was no verification of users’ ages or that their parents actually approved.

So to quickly recap:

  • TechCrunch reports on January 29th that Facebook is paying teens and adults up to $20 in gift cards per month to install a Research VPN with Root network access to spy on all their mobile app activity, web browsing, and even encrypted communications.
  • TechCrunch informs Facebook and Apple that Facebook’s Research app violates Apple’s Enterprise Certificate rules.
  • That night, Facebook claims it shut down the Research app on iOS but didn’t violate Apple’s policy, and tells reporters only 5 percent of Research users were teens and they all had signed parental consent forms.
  • The next morning, Apple tells TechCrunch that it forcibly shut down Facebook Research on iOS for violating the Enterprise Certificate rules, and invalidates Facebook’s Certificate thereby breaking its internal iOS apps for 30 hours, including its Workplace chat and task management apps as well as its shuttle schedule and lunch menu
  • TechCrunch reports Google’s Screenwise Meter market research app was also breaking Apple’s Enterprise Certificate rules, but it quickly apologies and shuts down the app on iOS though it still has its internal iOS apps invalidated for 6 hours.
  • Senator Warner issues a letter demanding answers about Facebook Research from Mark Zuckerberg, while Senators Blumenthal and Markey also issue sternly worded reprimands of Facebook.
  • Facebook’s VP of production engineering and security Pedro Canahuati publishes an internal memo disputing our reporting by saying the program was never secret, but its points are swiftly dismantled by TechCrunch after we reveal that legal action was threatened if a Research user spoke publicly about the app.
  • TechCrunch reports that Apple failed to block dozens of hardcore pornography and real-money gambling apps abusing Enterprise Certificate program to sidestep the App Store’s rules, and Apple shuts them down.
  • Facebook tells TechCrunch on February 21st that it’s ceased recruiting users for its Research program on Android where it was still running, and  that it will shut down its similar Onavo market research spyware VPN on Android after Apple banned it last year.
  • That same day, Facebook issues this response to Senator Warner that shows its initial response to reporters wasn’t accurate.

Facebook targeted teens with ads on Instagram and Snapchat to join the Research program without revealing its involvement

The contradictions between Facebook’s initial response to reporters and what it told Warner, who has the power to pursue regulation of the the tech giant, shows Facebook willingness to move fast and play loose with the truth when it’s less accountable. It’s no wonder the company never shared the response with TechCrunch or posted a blog post or press release about it.

Facebook’s attempt to minimize the issue in the wake of backlash exemplifies the trend of of the social network’s “reactionary” PR strategy that employees described to BuzzFeed’s Ryan Mac. The company often views its scandals as communications errors rather than actual product screwups or as signals of deep-seeded problems with Facebook’s respect for privacy. Facebook needs to learn to take its lumps, change course, and do better rather than constantly trying to challenge details of negative press about it, especially before it has all the necessary information. Until then, the never-ending news cycle of Facebook’s self-made disasters will continue.

Below is Facebook’s full response to Senator Warner’s inquiry, and following that is Warner’s original letter to Mark Zuckerberg.

Additional reporting by Krystal Hu

Source link

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Mobile

Following Apple’s launch of privacy labels, Google to add a ‘safety’ section in Google Play – TechCrunch

Published

on

Months after Apple’s App Store introduced privacy labels for apps, Google announced its own mobile app marketplace, Google Play, will follow suit. The company today pre-announced its plans to introduce a new “safety” section in Google Play, rolling out next year, which will require app developers to share what sort of data their apps collect, how it’s stored, and how it’s used.

For example, developers will need to share what sort of personal information their apps collect, like users’ names or emails, and whether it collects information from the phone, like the user’s precise location, their media files or contacts. Apps will also need to explain how the app uses that information — for example, for enhancing the app’s functionality or for personalization purposes.

Developers who already adhere to specific security and privacy practices will additionally be able to highlight that in their app listing. On this front, Google says it will add new elements that detail whether the app uses security practices like data encryption; if the app follows Google’s Families policy, related to child safety; if the app’s safety section has been verified by an independent third party; whether the app needs data to function or allows users to choose whether or not share data; and whether the developer agrees to delete user data when a user uninstalls the app in question.

Apps will also be required to provide their privacy policies.

While clearly inspired by Apple’s privacy labels, there are several key differences. Apple’s labels focus on what data is being collected for tracking purposes and what’s linked to the end user. Google’s additions seem to be more about whether or not you can trust the data being collected is being handled responsibility, by allowing the developer to showcase if they follow best practices around data security, for instance. It also gives the developer a way to make a case for why it’s collecting data right on the listing page itself. (Apple’s “ask to track” pop-ups on iOS now force developers to beg inside their apps for access user data).

Another interesting addition is that Google will allow the app data labels to be independently verified. Assuming these verifications are handled by trusted names, they could help to convey to users that the disclosures aren’t lies. One early criticism of Apple’s privacy labels was that many were providing inaccurate information — and were getting away with it, too.

Google says the new features will not roll out until Q2 2022, but it wanted to announce now in order to give developers plenty of time to prepare.

Image Credits: Google

There is, of course, a lot of irony to be found in an app privacy announcement from Google.

The company was one of the longest holdouts on issuing privacy labels for its own iOS apps, as it scrambled to review (and re-review, we understand) the labels’ content and disclosures. After initially claiming its labels would roll out “soon,” many of Google’s top apps then entered a lengthy period where they received no updates at all, as they were no longer compliant with App Store policies.

It took Google months after the deadline had passed to provide labels for its top apps. And when it did, it was mocked by critics — like privacy-focused search engine DuckDuckGo — for how much data apps like Chrome and the Google app collect.

Google’s plan to add a safety section of its own to Google Play gives it a chance to shift the narrative a bit.

It’s not a privacy push, necessarily. They’re not even called privacy labels! Instead, the changes seem designed to allow app developers to better explain if you can trust their app with your data, rather than setting the expectation that the app should not be collecting data in the first place.

How well this will resonate with consumers remains to be seen. Apple has made a solid case that it’s a company that compares about user privacy, and is adding features that put users in control of their data. It’s a hard argument to fight back against — especially in an era that’s seen too many data breaches to count, careless handling of private data by tech giants, widespread government spying, and a creepy adtech industry that grew to feel entitled to user data collection without disclosure.

Google says when the changes roll out, non-compliant apps will be required to fix their violations or become subject to policy enforcement. It hasn’t yet detailed how that process will be handled, or whether it will pause app updates for apps in violation.

The company noted its own apps would be required to share this same information and a privacy policy, too.

 

Continue Reading

Mobile

BigBrain aims to bring live mobile trivia back to glory – TechCrunch

Published

on

If you ask Nik Bonaddio why he wanted to build a new mobile trivia app, his answer is simple.

“In my life, I’ve got very few true passions: I love trivia and I love sports,” Bonaddio told me. “I’ve already started a sports company, so I’ve got to start a trivia company.”

He isn’t kidding about either part of the equation. Bonaddio actually won $100,000 on “Who Wants To Be A Millionaire?”, which he used to start the sports analytics company numberFire (acquired by FanDuel in 2014).

And today, after a period of beta testing, Bonaddio is launching BigBrain. He’s also announcing that the startup has raised $4.5 million in seed funding from FirstRound Capital, Box Group, Ludlow Ventures, Golden Ventures and others.

Of course, you can’t mention mobile trivia without thinking of HQ Trivia, the trivia app that shut down last year after some high-profile drama and a spectacular final episode.

Image Credits: BigBrain

But Bonaddio said BigBrain is approaching things differently than HQ in a few key ways. For starters, although there will be a handful of free games, the majority will require users to pay to enter, with the cash rewards coming from the entry fees. (From a legal perspective, Bonaddio said this is distinct from gambling because trivia is recognized as a game of skill.)

“The free-to-play model doesn’t really work for trivia,” he argued.

In addition, there will be no live video with a live host — Bonaddio said this would “very, very difficult from a technical perspective and very cost ineffective.” Instead, he claimed the company has found a middle ground: “We have photos, we have different interactive elements, it’s not just a straight multiple choice quiz. We do try to keep it interactive.”

Plus, the simpler production means that where HQ was only hosting two quizzes a day, BigBrain will be hosting 20, with quizzes every 15 minutes at peak times.

Topics will range from old school hip hop to college football to ’90s movies, and Bonaddio said different quizzes will have different prize structures — some might be winner take all, while others might award prizes to the top 50% of participants. The average quiz will cost $2 to $3 to enter, but prices will range from free to “$20 or even $50.”

What kind of quiz might cost that much money to enter? As an example, Bonaddio said that in a survey of potential users, he found, “There are no casual ‘Rick and Morty’ fans … They’re almost completely price sensitive, and since they’ve seen every episode, they can’t fathom a world where someone knows more about ‘Rick and Morty’ than they do.”

Continue Reading

Mobile

TikTok’s new developer tools allow apps to offer ‘Login with TikTok,’ sound sharing, and more – TechCrunch

Published

on

TikTok is expanding its integrations with third-party apps. The company today announced the launch of two new tool sets for app developers, the TikTok Login Kit and Sound Kit, that will allow apps on mobile, web and consoles to authenticate users via their TikTok credentials, build experiences that leverage users’ TikTok videos and share music and sounds back to TikTok from their own apps.

The company already offers tools that allow app developers to share content, including both pictures and videos, back to TikTok. But the new kits — or, SDKs (software development kits) — expand upon that functionality to make TikTok not just a destination for sharing, but a more deeply integrated part of the third-party app experience.

For starters, the new Login Kit allows an app’s users to sign in quickly using their TikTok log-in credentials, similar to other social log-ins offered by Facebook or Snap. Once signed in, users can then access their TikTok videos in the third-party app, potentially fueling entire new app ecosystems with TikTok content.

Image Credits: TikTok

For example, a video dating app called Snack is using the Login Kit to allow users to share their TikTok videos on their dating profiles to help them find new matches. The game recording app Medal will allow users to share their TikTok videos with their fellow gamers. And Singapore-based Burpple lets users share their food and dining reviews with a community.

Other early adopters of the Login Kit include gaming clips app Allstar, anti-anxiety app Breathwrk, social app IRL, as well as dating and friend-making apps Lolly, MeetMe, Monet, Swipehouse and EME Hive. Creator tool provider Streamlabs is also using Login Kit, as is video game PUBG, which is only using the login functionality. A forthcoming NFT platform Neon will use Login Kit, too.

When users log in to these apps via their TikTok credentials, they’ll then be presented with an additional permissions box that asks them if the app in question can read their profile information and access their public videos, which they then have to also agree to in order to take advantage of the additional video sharing options inside the app itself.

For the time being, these are the only permissions that Login Kit asks for — and it doesn’t give the app access to further information, like who the TikTok user’s friends are, for example. If TikTok expands beyond these permissions in the future, it says it will be transparent with users about any changes or new additions. For the time being, however, the focus is more on allowing apps to better integrate TikTok content into their own experiences.

Image Credits: TikTok/Rapchat

The other new SDK launching today is the Sound Kit, which allows artists and creators to bring their original sounds and music from a third-party app into TikTok. This kit, which also requires Login Kit to work, will help TikTok seed its sounds database with more original content it doesn’t have to license from major labels. Instead, whatever licensing rights to the music and other sounds that exist within the original app will still apply to whatever is shared out to TikTok. But by sharing the music more broadly, creators can gain interest from potential fans and even see their sounds used as the backing for new TikTok videos.

Early adopters on this front include mobile multi-track recording studio Audiobridge, music creation and collaboration suite LANDR, hip hop music creation app Rapchat and upcoming audio recording and remix app Yourdio.

TikTok says some of the apps selected as early partners for the SDKs were those that already adopted its Share to TikTok SDK, which launched in 2019. Others, however, were chosen based on a specific set of criteria, including the ability to move quickly to integrate the new features and the strength of their specific use cases. TikTok was looking for a diversity of use cases and those that were particularly novel — like building out a dating network based on videos, for instance.

More information on the new tools and developer documentation will be added to TikTok’s developer website, but TikTok says it will be vetting and reviewing developers who request access. And as most of the current developer partners are U.S.-based, with just a few exceptions, the company says it is looking to diversify the list of companies going forward, as this is a global initiative.

“As TikTok becomes increasingly ingrained in culture, more third-party apps across a variety of categories and use cases are looking to tap into our community on their own platforms,” said Isaac Bess, TikTok’s Global Head of Distribution Partnerships, in a statement about the launch. “Through the Sound Kit and Login Kit for TikTok, we’re providing seamless integration solutions that help developers expand their reach, increase exposure for creators, and empower our community to showcase their content on other platforms,” he added.

Continue Reading

Trending