Facebook is never far from the headlines recently – and most of the news is bad. The latest scandal involves the Research program, designed to track app usage and web browser activity.

The issue centres on an app called Research, and Facebook’s attempts to gather valuable personal data from Apple iPhone users – including those aged under 18.

Circumventing security

The Apple iPhone has a reputation for being more secure than Apple devices because of the way that personal data is protected on the device. Normally iOS apps are not permitted to access information from the Mobile Safari web browser; apps that break these rules are banned from the App Store.

App developers are permitted some extra flexibility with these rules however, allowing them to test various additional functions that are not normally available. And it is this flexibility that Facebook Research exploited.

Facebook users were encouraged to register for the Research program, and were then sent a special link to download the app. Because the app was designated as being for development use only, the usual security checks carried out by Apple were not applied.

And so it was that Facebook were able to harvest vast amounts of personal data – including encrypted communications – from Research program participants.

What is the problem?

Facebook clearly broke App Store rules about app design and personal data harvesting which is why the Research app is no longer available. They were also temporarily banned from the Apple Developer program, preventing them from updating any of their apps – including the Messenger and Facebook apps.

Facebook argues that everyone enrolled in the Research program gave their consent to have personal data collected, and that they were paid in return. However, analysis of downloads shows that nearly a quarter of registrants were aged 13 to 18.

Users aged under 18 were supposed to obtain parental consent before sign-up – but there is little evidence that they did. Most simply had to select a checkbox, allowing them to verify consent themselves.

Concerningly, most of these young users do not seem to have understood just how invasive the Research program was. Some will have realised that their web browsing activity was being recorded – but did they also know that virtually everything they did on their phone was being recorded and sent back to Facebook? Media reports suggest that they did not.

Concerning for parents

For parents, the Research scandal should be a wake-up call. Allowing anyone, including Facebook, to have unrestricted access to personal data is a dangerous precedent, and teens need to be educated about the potential risks.

Valuing and protecting personal data is a modern-day life skill, giving your kids greater control over their future. Helping them understand the risks of the Research app, and the importance of getting parental consent, will help protect them from unscrupulous marketers – and data thieves – as they get older.

You can kickstart the conversation – and start protecting them immediately – with the Panda Dome security suite. With tools to filter content, limit app downloads and restrict personal data sharing potential, you can help keep kids safe while you teach them how to make wise choice. Click here to start your free Panda Dome trial today.