The UK parliament has today publicly shared secret internal Facebook emails that cover a wide-range of the company’s tactics related to its free iOS VPN app that was used as spyware, recording users’ call and text message history, and much more.
The full document includes hundreds of pages of emails and data. A summary includes six main “key issues” from the documents.
- White lists
- Value of friends data
- Targeting competitor apps
Onavo was an interesting effort from Facebook. It posed as a free VPN service/app labeled as Facebook’s “Protect” feature, but was more or less spyware designed to collect data from users that Facebook could leverage. Apple pulled the app six months after it landed on the App Store.
Facebook’s emails describe how it used data from Onavo to target competitor apps:
Facebook used Onavo to conduct global surveys of the usage of mobile apps by customers, and apparently without their knowledge. They used this data to assess not just how many people had downloaded apps, but how often they used them. This knowledge helped them to decide which companies to acquire, and which to treat as a threat.
The emails also reveal more about how Facebook purposely obscured the fact that calls and texts would be recorded on Android devices.
Facebook knew that the changes to its policies on the Android mobile phone system, which enabled the Facebook app to collect a record of calls and texts sent by the user would be controversial. To mitigate any bad PR, Facebook planned to make it as hard of possible for users to know that this was one of the underlying features of the upgrade of their app.
Other tactics included whitelisting certain companies to allow access to the data of users and users’ friends. The UK parliament isn’t sure if Facebook received consent to do this.
Facebook have clearly entered into whitelisting agreements with certain companies, which meant that after the platform changes in 2014/15 they maintained full access to friends data. It is not clear that there was any user consent for this, nor how Facebook decided which companies should be whitelisted or not.
The full collection of Facebook emails can be seen here.