Facebook has been conducting research that gathers highly personal data from paid volunteers, a report has revealed.
TechCrunch said participants – including those aged 13-17 – have been paid up to $20 (£15.30)-a-month to open up their phone to deep analysis.
Facebook is said to have created an app that the report said could be in contradiction of Apple’s policies.
TechCrunch reported Facebook used social media ads to target teenagers for the scheme. Facebook denies this.
The social network said everyone involved in the programme had consented, and that market research was standard practice.
However, in the hours after TechCrunch’s report was published, Facebook said it was now ending the programme on Apple devices.
The research focused on users aged 13-35, and those under 18 were asked to get parental consent, Facebook said.
In a statement, the firm took issue with TechCrunch’s characterisation of the programme.
“Key facts about this market research programme are being ignored,” a spokeswoman said via email.
“Despite early reports, there was nothing ‘secret’ about this; it was literally called the Facebook Research App. It wasn’t ‘spying’ as all of the people who signed up to participate went through a clear on-boarding process asking for their permission and were paid to participate.
“Finally, less than 5% of the people who chose to participate in this market research programme were teens. All of them with signed parental consent forms.”
When asked by the BBC how exactly the parental consent was obtained, Facebook said it was handled by a third-party and did not elaborate.
Apple has not yet commented on whether it felt Facebook had broken its rules, and what action it might take as a result.
There is also an app on Google’s mobile operating system, Android. Google is also yet to comment.
TechCrunch’s detailed report explains Facebook had previously conducted market research using an app called Onavo, which it acquired in 2013.
But in August last year, Facebook removed the app from the App Store after Apple complained about the data it was collecting on users.
Facebook, however, had another research app, which has been running since 2016. It circumvents Apple’s App Store by using testing tools typically used to install apps that are still in development.
The app installs a “root certificate”, which enables deeper access to a phone’s software – functions not reachable by typical apps. This allows for monitoring of a broad range of actions on the device, such as browsing activity, which apps are used, and data on what you do inside those apps. Facebook’s app would also ask users to take a screenshot of their recent Amazon ordering history.
Apple allows the installation of root certificates in narrow cases, such as for companies which provide employees with iPhones but want to install added protections, monitoring capabilities and security.
But Apple’s Developer Enterprise Program License Agreement” makes it clear that these certificates must only be used for “specific business purposes” and “only for use by your employees”.
There are scenarios that allow exceptions to the rule, the policy goes on to say, but market research does not appear to be one of them.
Facebook insisted its market research policies were not unusual.
“Like many companies, we invite people to participate in research that helps us identify things we can be doing better,” a spokesperson said.
“Since this research is aimed at helping Facebook understand how people use their mobile devices, we’ve provided extensive information about the type of data we collect and how they can participate.
“We don’t share this information with others and people can stop participating at any time.”