Facebook has pulled its privacy-invading Onavo Protect VPN app off the Google Play store and will reportedly stop gobbling up data from users who still have the app on their devices.
Facebook “will immediately cease pulling in data from [Onavo] users for market research though it will continue operating as a Virtual Private Network in the short term to allow users to find a replacement,” TechCrunch reported yesterday.
Facebook’s Onavo website still exists, but links to the Android and iOS apps are both broken. Facebook pulled the app from the iPhone and iPad App Store in August 2018 after Apple determined that Onavo violated its data-collection rules. Facebook purchased Onavo, an Israeli company, in 2013.
“With the suspicions about tech giants and looming regulation leading to more intense scrutiny of privacy practices, Facebook has decided that giving users a utility like a VPN in exchange for quietly examining their app usage and mobile browsing data isn’t a wise strategy,” TechCrunch wrote. “Instead, it will focus on paid programs where users explicitly understand what privacy they’re giving up for direct financial compensation.”
A Facebook spokesperson confirmed the Onavo shutdown to TechCrunch, telling the news site that it’s “shifting our focus to reward-based market research which means we’re going to end the Onavo program.”
An archived version of Onavo’s Google Play page says the app collects information such as the apps installed on users’ phones, the time spent using apps, the amount of mobile and Wi-Fi data used per app, websites visited, and each user’s country, device, and network type.
Facebook stops recruiting for “Research” app
Additionally, Facebook has stopped recruiting new users for “Facebook Research,” TechCrunch wrote. Apple previously stopped Facebook from distributing the app to iOS users, but it remains available on Android. “Existing Facebook Research app studies will continue to run,” even though Facebook won’t recruit more users, TechCrunch wrote.
TechCrunch previously detailed the Facebook Research app in an investigation titled, “Facebook pays teens to install VPN that spies on them.”
Starting in 2016, the Facebook Research app for iOS and Android offered users $20 per month in gift cards in exchange for personal data. On iOS, the app was distributed outside Apple’s App Store, using an enterprise program meant for distributing apps internally to a company’s employees. Apple last month revoked Facebook’s enterprise developer certificate in order to prevent that workaround, saying that enterprise certificates cannot be used to distribute apps to consumers. The certificate was later restored, presumably after Facebook agreed to use it only for its intended purpose.
The Facebook Research app “asked users for root access for any data on their phones and allowed Facebook to track their browsing history, message contents, app usage habits, and location data,” we wrote at the time. “It even had the potential to allow Facebook to decrypt encrypted network traffic on users’ devices.”
We contacted Facebook today and asked how long the Facebook Research program’s existing studies will continue to run on Android devices, and whether it will continue to retain and use the data it collected from Onavo. We’ll update this story if we get a response.
UPDATE: Facebook responded to us and confirmed the broad details of the TechCrunch story, but didn’t answer our questions about the Facebook Research program’s continuing studies or Facebook’s use of the data collected from Onavo.