Facebook has made the decision to completely remove its Onavo VPN app from the Google Play Store.
An investigation carried out by TechCrunch earlier this month revealed that, although Onavo was marketed as a VPN (Virtual Private Network) service, which is supposed to keep personal user information safe, it was being used as a tool for market research.
Facebook acquired Onavo in 2013 for a reported $200 million, but it has brought the company nothing but controversy in the years since.
Simon Migliano, Head of Research at Top10VPN.com, said: “Even if Facebook is finally – albeit reluctantly – doing the right thing, this should not overshadow the most important issue here, that in the wrong hands VPN technology is just as capable of compromising your personal data as securing it.”
The Onavo Protect app will eventually be shut down completely and will stop pulling in user data for market research with immediate effect. It will continue to operate as a VPN in the short term so that users have time to find a replacement, though.
Not only did the app allow Facebook to view all the websites its users visited, it also monitored the amount of time people spent on certain pages, as well as revealing their country and device model – the exact opposite of what a VPN is supposed to do.
TechCrunch’s report also revealed that Facebook admitted it used code from Onavo to power a new application called Facebook Research. This involved paying users in the US and India aged 13 to 35 up to $20 in gift cards every month for full access to their smartphones and all of the data stored on them.
Facebook operated this program in secret, hiding it within intermediary beta testing services such as Betabound and Applause. Users were recruited via ads on other social media apps like Instagram and Snapchat, and had to sign non-disclosure agreements before they were fully accepted onto the “Facebook Research Program”.
A spokesperson from the social media giant claims that there was “nothing secret about this”, however it had threatened to take legal action if users publicly discussed the program.
This backfired, as it meant that Facebook was in violation of the Apple Store guidelines. As a result, Apple revoked the company’s Enterprise Certificate, which in turn ‘broke’ all of Facebook’s internal apps for around 30 hours, including those used by its employees for internal communication.