> Facebook uses an internal database to track rivals... The database stems from Facebook's 2013 acquisition of a Tel Aviv-based startup, Onavo, which had built an app that secures users' privacy by routing their traffic through private servers. The app gives Facebook an unusually detailed look at what users collectively do on their phones...
WTF is this shady-ass sh*t. Way to "secure users' privacy," Facebook.
From the sound of Onavo's App Store reviews they are using deceptive marketing of the "Your phone is infected, install this now!!" variety. Yet they have a lot of positive but suspiciously brief reviews balancing them out. So Facebook bought a company that MITMs unsuspecting users for profit, using scammer marketing techniques and fake reviews to drive installs, then leverages that to knife babies. "Don't be too proud," indeed.
I hope there is cause for Apple to remove this app from the App Store (like deceptive marketing or exploitive practices). Or for a bunch of us good folks to leave negative reviews. These guys depend on informed people avoiding these apps and not leaving reviews.
Apple just booted all these apps off the App Store, supposedly because they somehow didn't notice that there were dozens of apps installing VPN profiles to block ads or "improve" privacy. (There were a few good ones, but most were thinly veiled spyware.) And that these apps were all violating the rule against misuse of the intended functionality of device features -- which is certainly true but wasn't being done surreptitiously.
You have to wonder how many of those apps had deals to sell "anonymized" data to FB or Google and whether Apple saw this as a threat to its platform or products. Many of the TOS's could have been read to allow even raw data going to an "affiliate" which FB could easily have become for any number of them.
This coming on the heels of removing native FB support in iOS 11. Although, that was likely unrelated to data leakage.
Ad-blocking is a separate matter. VPN apps which do not block ads will continue to remain in the App Store, such as the one being discussed here (Onavo Protect).
This isn't even the only Tel Aviv based "proxy" shadyware company that's being used for criminal activity by spammers and botnets: https://luminati.io https://hola.org/
This is more detailed data, it sounds like, but fundamentally how is this different than obsessively monitoring App Annie for which apps are gaining traction in your space?
Apples and oranges. I stand corrected about them snooping on users, but Mobidia is more upfront about what they do.[1] Onavo is deceptive, suggesting that they improve "security" and leveraging scammy marketing to drive installs.
Support everything said except for MITM. They do not intercept anything, just gather the metadata on the frequency of use, amount of traffic sent etc. And users install those apps to see traffic stats. I am pretty sure they share this info according to the ToS. Just a plain old "if you're not paying for it, you're the product".
Edit: they also gather this data even if you don't use their VPN service. But I don't think average users care that much if Facebook knows the distribution of time spent on Twitter by all people using that app.
You have to intercept to gather metadata... but semantics aside, they are deceiving users.
First there is the marketing scam reported in the app store reviews, people who installed it because some web site told them they have a virus and they need this thing to fix it.
Second, the only mention of their logging practices is buried below the fold in the last line of their description: "Onavo receives and analyzes information about your mobile data and app use." This is just vague enough to deceive a user that believes it is merely to support their user-facing features, i.e. giving you a report on what you use... not Facebook for spying purposes. Of course, most users never even get that far in the description. They're installing this to "secure their phone" because of a scary ad they saw.
These guys know exactly what they're doing. Most of their users, not so much. That's where we come in. The App Store exists to help protect users from this kind of exploitation and I hope Apple and our community take action.
> some web site told them they have a virus and they need this thing to fix it
I did some investigating of one of those sites, and from what I can tell, they are using App Store affiliate links, and rotating amongst a handful of accounts. If they can convince you that you have a virus, and they take you to the $30 Symantec app that has good reviews, they get a nice commission. Symantec doesn't even have to have anything to do with those sites.
They just want to know how much you use each app on your phone and not anything related to the TCP exchange. Therefore no MITM has to take place.
The rest, I fully agree with you: one deception paves the way to another. I think just making users aware that it's Facebook tracking their app usage and not some "Onavo" would be enough for people to think better about their privacy.
> First there is the marketing scam reported in the app store reviews, people who installed it because some web site told them they have a virus and they need this thing to fix it.
This is common and I am not entirely sure Onavo supports this wittingly. Most times that I have seen it, the ad redirects to the "Norton Wi-Fi Privacy" page on the App Store instead.
Agreed on point #2, they should be much more clear on what they do with user data.