Ap­ple strikes blow to Facebook as it clamps down on data har­vest­ing

The Guardian Australia - - Science / Technology - Olivia Solon

Ap­ple has up­dated its rules to re­strict app de­vel­op­ers’ abil­ity to har­vest data from mo­bile phones, which could be bad news for a Facebook-owned data se­cu­rity app called Onavo Pro­tect.

Onavo os­ten­si­bly pro­vides users with a free vir­tual pri­vate net­work (VPN) which, it claims, helps “keep you and your data safe when you browse and share in­for­ma­tion on the web”. What is not im­me­di­ately ob­vi­ous is that it feeds in­for­ma­tion to Facebook about what other apps you are us­ing and how much you are us­ing them back to the so­cial net­work­ing gi­ant.

“The prob­lem with Onavo is that it talks about be­ing a VPN that keeps your data pri­vate, but be­hind the scenes it’s har­vest­ing your data for Facebook,” said Ryan Dochuk, CEO of the paid-for VPN Tun­nelBear. “It goes against what peo­ple gen­er­ally ex­pect when they use a VPN.”

Onavo has been a Tro­jan horse for Facebook (in the clas­si­cal sense, not as mal­ware), al­low­ing it to gather in­tel­li­gence on the apps peo­ple use on tens of mil­lions of devices out­side its em­pire. This real-time mar­ket re­search high­lights which apps are be­com­ing pop­u­lar and which are strug­gling. Such com­pet­i­tive in­tel­li­gence can in­form ac­qui­si­tion tar­gets and ne­go­ti­a­tions as well as iden­tify pop­u­lar fea­tures it could copy in ri­val apps it.

As first re­ported by Bloomberg, Ap­ple’s new App Store rules ex­plic­itly ban the col­lec­tion of “in­for­ma­tion about which other apps are in­stalled on a user’s de­vice for the pur­poses of an­a­lyt­ics or ad­ver­tis­ing/ mar­ket­ing”, which ap­pears to be in­ten­tion­ally worded to clamp down on apps like Onavo.

“Ap­ple has been very clear that it’s pro-pri­vacy,” ,” said Joseph Jerome, a pri­vacy spe­cial­ist from the Cen­ter for Democ­racy and Tech­nol­ogy, “and with ev­ery it­er­a­tion of iOS [Ap­ple’s mo­bile op­er­at­ing sys­tem] has been try­ing to re­strain the abil­ity of apps to know what’s go­ing on on the de­vice if a user hasn’t au­tho­rised it.”

Onavo started life in Tel Aviv in 2010 as a startup that helped peo­ple re­duce their wire­less bills by com­press­ing in­com­ing data on an iPhone or An­droid de­vice. It also high­lighted which apps were us­ing the most data. For mo­bile pub­lish­ers, it pro­vided an­a­lyt­ics to help them keep track of how their apps were per­form­ing against com­peti­tors. In May 2013, it launched a VPN called Onavo Pro­tect, which promised to pro­tect peo­ple’s data when they were brows­ing the web from their phone on a pub­lic wifi net­work.

Facebook bought the com­pany in Oc­to­ber 2013 for an undis­closed sum, es­ti­mated to be be­tween $100m and $200m.

VPNs work by redi­rect­ing and en­crypt­ing all data leav­ing your com­puter, phone or tablet and send­ing it to an­other server in an­other lo­ca­tion. They po­si­tion them­selves as tools for pro­tect­ing peo­ple’s pri­vacy and se­cu­rity, but that very much de­pends on who is run­ning the VPN and how they make their money.

“This server is in a re­ally priv­i­leged po­si­tion,” said Dochuk. “Es­sen­tially, it needs 100% of con­sumer trust be­cause 100% of their data is go­ing through that server.”

This means who­ever runs the VPN knows which apps are in­stalled on your de­vice and how much you use them; which web­sites you visit; and your de­vice type and lo­ca­tion.

There are some VPNs, such as Tun­nelBear, that cover their server and band­width costs through paid sub­scrip­tions and oth­ers, like Hola and Onavo, that pro­vide a free ser­vice to the end user, but ex­tract value from the data they col­lect or by sell­ing peo­ple’s un­used band­width.

“If you’re not pay­ing with your money you are prob­a­bly pay­ing with your data,” said Will Strafach, a se­cu­rity spe­cial­ist who has an­a­lysed the Onavo app.

Ac­cord­ing to the Wall Street Jour­nal, Facebook em­ploy­ees have put the Onavo data to good use by mon­i­tor­ing the per­for­mance of ri­val Snapchat, par­tic­u­larly af­ter Facebook’s In­sta­gram app launched sim­i­lar fea­tures. Onavo’s data also re­port­edly helped guide Facebook’s de­ci­sion to buy What­sApp for $19bn in 2014 and to clone the pop­u­lar group video chat app Housep­a­rty.

In writ­ten ques­tions fol­low­ing CEO Mark Zucker­berg’s con­gres­sional tes­ti­mony in April, law­mak­ers asked Facebook whether its use of data gleaned from Onavo vi­o­lated the pri­vacy con­sumers ex­pect of a VPN.

Facebook said that it ex­plained what data it would re­ceive when a user in­stalled the app.

“This helps us im­prove and op­er­ate the Onavo ser­vice by analysing your use of web­sites, apps and data,” Onavo Pro­tect’s App Store mes­sag­ing reads. “Be­cause we’re part of Facebook, we also use this info to im­prove Facebook prod­ucts and ser­vices, gain in­sights into the prod­ucts and ser­vices peo­ple value, and build bet­ter ex­pe­ri­ences.”

Users have to ac­cept these terms be­fore us­ing the app.

The com­pany has ac­knowl­edged it uses Onavo to mon­i­tor com­peti­tors, but it in­sists this is not un­usual: “Web­sites and apps have used mar­ket re­search ser­vices for years.”

Facebook said it did not con­nect the app us­age data col­lected through Onavo to the data col­lected from an in­di­vid­ual’s Facebook ac­count.

Strafach said it would be easy for Facebook to con­nect the data if the per­son also had the Facebook app in­stalled on their phone.

“You just have to trust that they are not do­ing that,” he said.

Given Facebook’s re­cent track record with data pri­vacy, that trust may have slightly eroded.

Pho­to­graph: Greg Baker/AFP/Getty Im­ages

Ap­ple’s new App Store rules ap­pear to be in­ten­tion­ally worded to tar­get apps like Onavo.

Pho­to­graph: Christophe Morin/ IP3/Getty Im­ages

Onavo pro­vides in­for­ma­tion to Facebook about what other apps you are us­ing and how much you are us­ing them.

Newspapers in English

Newspapers from Australia

© PressReader. All rights reserved.