Facebook is at it again, and this time they’ve been caught red-handed! If you haven’t heard, I’m talking about the “Facebook Research” app, which has been found snooping on user data by breaking all the rules.

Back in 2013, Facebook acquired an Israeli mobile analytics company called Onavo. Onavo had a mobile app which provided a VPN service to users.

VPN stands for Virtual Private Network, and is a technology commonly used by large corporations. A VPN can provide a secure way for remote users to access a company network. A VPN is effectively a secure tunnel over the internet to another location. I regularly used a VPN when working with a UK-based company, and whenever I was connected, my laptop was effectively plugged into the secure UK network. When you’re connected to a VPN, all the internet traffic to and from your computer goes via the remote location. And this is the real reason for the Onavo app. When you were connected to their VPN, they were able to see everything going to and from your machine!

VPNs are also a popular way to access streaming content from other countries. For example, if you have a Netflix account and go to www.netflix.com, you’ll see Canadian programming. However, when I travelled to England and went to www.netflix.com, I saw a different selection of UK content. To get around this, you can use a VPN to appear as though you’re in another country. There are VPN services you can sign up for that offer you remote locations around the world so that you can pick and choose which country’s content you want to see! Netflix are catching on to this, however, and if they detect a VPN, they may block you from streaming!

So back to Facebook and Onavo. Back in 2013, Facebook realised that if they could get users to connect via their VPN, they could learn a lot more about people as they’d see everything they accessed. Every website, every email, everything! This is why they bought Onavo and rebranded the app.

This was in breach of the terms and conditions that Apple apply to apps available for iPhones and iPads, and when Apple detected this, they removed the Facebook VPN app from the App Store.

Facebook had spent $120 million on an app that was now effectively banned from being used, so what could they do?

Well, they got sneaky.

All apps that you install on your iPhone or iPad have to be vetted and approved by Apple before they can reach the App Store. This way you can be sure that the app is safe and isn’t going to steal your information or cause issues with your device. However, there is kind of a back door to the App Store that allows large companies to have their own apps. For example, Facebook have apps for employees that are company directories and even apps that allow staff to order food from the canteen. Obviously, these apps aren’t applicable to general use and shouldn’t appear in the App Store. So instead, Apple provides large companies with “Enterprise Certificates”. If the certificate is installed on your iPhone, you’re allowed to install the company app. Apple are strict about this though – Enterprise Certificates are ONLY for internal use by company employees.

Guess what? Facebook ignored this and provided these trusted certificates to members of the public, along with a rebranded “Facebook Research” app. This completely circumvented Apple’s approval process!

Well, Apple found out and weren’t happy! They terminated the Facebook Enterprise Certificate – effectively disabling all of Facebook’s internal apps. Yes, even the canteen ordering app. Instead, the poor souls at Facebook had to get up and walk to the canteen!

Just as this was happening, it also came to light that Google had done the exact same thing! They had an app, distributed with an Enterprise Certificate, that used a VPN to analyse traffic. Google came out with an immediate apology and withdrew the app. Too late though – Apple terminated their certificate too! Well, it would’ve been unfair to use one rule for Facebook and another for Google!

This sent both Facebook and Google scrambling to work with Apple to remedy the situation. With hundreds of thousands of staff relying on internal apps, I’d say they both learnt a lesson!

Until next time, be careful what apps you install. Stick to the App Store and you’ll be safe!