The fallout from Facebook’s controversial research app

Apple’s iOS platform has a seedy underbelly that, for years, has been lurking largely unseen, letting both app makers and iPhone owners bypass the App Store’s restrictions to load pirated games, media, and all manner of software that Apple forbids. The most staggering part of this illicit app underworld? Apple is responsible.

The company creates and distributes a suite of developer tools for an annual fee of just a few hundred dollars that allows sketchy apps onto the iPhone. While the result isn’t quite as robust as the jailbreaking community that emerged in the iPhone’s earliest years, it’s abetting perhaps an even murkier landscape of apps with uncertain security, privacy permissions, and potentially ulterior motives when it comes to making money.

Apple has long touted its iOS ecosystem for both the security and the tightly controlled approach the company has taken with its App Store, overseeing the approval of more than 2 million pieces of software to date for its mobile marketplace. But I’ve known for years that there are ways around that process, either by jailbreaking or by misusing what are known as enterprise certificates, which are designed for large companies to distribute apps internally, that let you directly install software on an iPhone.

Still, I was as shocked as anyone to find what amounted to a bizarro world App Store of sorts sitting in plain sight, downloadable with a few taps on my iPhone XS. The marketplace, called TutuApp, is just one of many illicit iOS app stores that can be easily sideloaded onto your Apple device, so long as you’re willing to hand the keys to your security and privacy to an unknown, likely China-based entity designed around peddling popular Nintendo knock-offs and pirated versions of apps and various types of spyware, malware, and other maliciously disguised software.

Facebook said today that Apple has restored its enterprise certificate, the software permission that allows the social network to load internal mobile apps onto the devices of employees, beta testers, and research participants.

The move comes roughly one day after Apple blocked Facebook from using the program after a TechCrunch investigation revealed it had re-skinned its Onavo VPN app, pulled from the App Store last summer, as the “Facebook Research” app. Facebook was paying teenagers and adults $20 a month to use the app, which was not distributed through proper iOS channels and was instead sideloaded using Facebook’s enterprise certificate, to siphon sensitive smartphone data.

Apple shut down Google’s ability to distribute its internal iOS apps earlier today. A person familiar with the situation told The Verge that early versions of Google Maps, Hangouts, Gmail, and other pre-release beta apps stopped working alongside employee-only apps like a Gbus app for transportation and Google’s internal cafe app. The block came after Google was found to be in violation of Apple’s app distribution policy, and followed a similar shutdown that was issued to Facebook earlier this week.

TechCrunch and Bloomberg’s Mark Bergen reported late Thursday that the apps’ functionality had been restored; Apple appears to have worked more closely with Google to fix this situation. “We are working together with Google to help them reinstate their enterprise certificates very quickly,” an Apple spokesperson earlier told BuzzFeed.

Programming note: I’m on assignment tomorrow and Friday. The Interface will return on Monday.

At around 2:30 a.m. ET on Wednesday, Facebook sent me an update about the controversial market research program revealed on Tuesday by TechCrunch. Effective immediately, the company said, the program would end on Apple devices. It also took issue with some of the language in TechCrunch’s report:

Google just disabled a private iOS app that monitored users’ iPhone usage, after it was revealed today that the app violated Apple’s distribution policies in the same way that Facebook’s usage-tracking Research app did.

Called Screenwise Meter, the iOS and Android app gave users who opted into Google’s Opinion Rewards program gift cards in exchange for tracking their internet usage data. The iOS version of the app relied on Apple’s enterprise program, which allows for the distribution of apps with special privileges to be used only by a company’s employees. The app has now been disabled on iOS, though it’s still available on Google’s Play Store.

Tuesday night, a TechCrunch investigation revealed that Facebook had been secretly paying teenagers to install a VPN that let the company see nearly everything they did on their phones. Today, lawmakers on both sides of the aisle are lashing out at the tech giant, raising new questions about how the company might fare in future privacy legislation.

“Wiretapping teens is not research, and it should never be permissible.” Sen. Richard Blumenthal (D-CT) said in a statement. “Instead of learning its lesson when it was caught spying on consumers using the supposedly ‘private’ Onavo VPN app, Facebook rebranded the intrusive app and circumvented Apple’s attempts to protect iPhone users.”

Google distributed a private app that monitored how people use their iPhones, in much the same way that Facebook did — and got in trouble for. Google’s app, reported today by TechCrunch, rewards users with gift cards for letting Google collect information on their internet usage. The app has since been disabled.

The app relied on Apple’s enterprise program, which allows for the distribution of internal apps within a company. That could be a problem: Apple says these apps should only be used by a company’s employees, and companies that violate the policy could be banned, having all their internal apps disabled. That’s exactly what happened to Facebook today.

Apple has shut down Facebook’s ability to distribute internal iOS apps, from early releases of the Facebook app to basic tools like a lunch menu. A person familiar with the situation tells The Verge that early versions of Facebook, Instagram, Messenger, and other pre-release “dogfood” (beta) apps have stopped working, as have other employee apps, like one for transportation. Facebook is treating this as a critical problem internally, we’re told, as the affected apps simply don’t launch on employees’ phones anymore.

The shutdown comes in response to news that Facebook has been using Apple’s program for internal app distribution to track teenage customers with a “research” app.

One popular criticism of Facebook and other tech platforms is that they never compensate users for their time, their data, or their contributions. Facebook is one of the richest companies in the world because of the data we hand over to it for free, the argument goes. Why doesn’t it pay up?

Today we learned that Facebook has heard these criticisms — and if you’re aged 13 to 35, it would like to give you a $20 gift card.

Facebook will end a controversial market research program that violated Apple developer guidelines in order to harvest user data from the phones of volunteers. The company said early Wednesday evening that the Facebook Research app, which offers volunteers between the ages of 13 and 35 monthly $20 gift cards in exchange for near-total access to the data on their phones, would no longer be available on iOS. It will apparently continue to be available for Android users.

TechCrunch reported on Tuesday that the company has been paying the gift cards to people aged 13 to 35 in exchange for installing an app called Facebook Research on iOS and Android. The app monitors their phone and web activity and sends it back to Facebook for market research purposes.

Facebook has run a program to collect intimate user data from paid volunteers for the past three years, according to a new report. TechCrunch reported that the company has been paying people ages 13 to 25 as much as $20 month in exchange for installing an app called Facebook Research on iOS or Android, which monitors their phone and web activity and sends it back to Facebook. The company confirmed the existence of the research program to TechCrunch.

Facebook was previously collecting some of this data through Onavo Protect, a VPN service that it acquired in 2013. The data has proven extremely valuable to Facebook in identifying up-and-coming competitors, then acquiring or cloning them. Facebook removed the app from the App Store last summer after Apple complained that it violated the App Store’s guidelines on data collection.