Originally posted on The Hacker News by Mohit Kumar on August 23, 2018.

Facebook yesterday removed its mobile VPN app called Onavo Protect from the iOS App Store after Apple declared the app violated the iPhone maker’s App Store guidelines on data collection.

For those who are unaware, Onavo Protect is a Facebook-owned Virtual Private Network (VPN) app that was primarily designed to help users keep tabs on their mobile data usage and acquired by Facebook from an Israeli analytics startup in 2013.

The so-called VPN app has been the source of controversy earlier this year, when the social media giant offered it as a free mobile VPN app, promised to “keep you and your data safe when you browse and share information on the web.”

However, Onavo Protect became a data collection tool for the Facebook helping company to track smartphone users’ activities across multiple different applications to learn insights about how Facebook users use third-party apps.

Why Did Apple Remove Facebook’s Free VPN App?

Now according to a new report from Wall Street Journal, Apple informed Facebook earlier this month that Onavo Protect violated its new App Store Guidelines, implemented in June restricting app developers from creating databases out of user information and sell it to third parties.

A discussion between Apple and Facebook about the app occurred last week, and Apple reportedly suggested Facebook to “voluntarily” remove Onavo Protect from the App Store, to which Facebook agreed.

“Earlier this month, Apple officials informed Facebook that the app violated new rules outlined in June designed to limit data collection by app developers, the person familiar with the situation said,” the report reads.

“Apple informed Facebook that Onavo also violated a part of its developer agreement that prevents apps from using data in ways that go beyond what is directly relevant to the app or to provide advertising, the person added.”

In a statement, Apple says the company is committed to protecting user privacy.

“We work hard to protect user privacy and data security throughout the Apple ecosystem. With the latest update to our guidelines, we made it explicitly clear that apps should not collect information about which other apps are installed on a user’s device for the purposes of analytics or advertising/marketing and must make it clear what user data will be collected and how it will be used.”

What Data Does Facebook Collect Using Onavo Protect?

While Facebook markets Onavo Protect as a free VPN tool for users to keep themselves and their data safe, the app actually does is create a VPN that redirects users’ internet traffic to a private server managed by Facebook.

To get a picture of how Facebook uses Onavo as an extensive data collecting tool, you can read its Google Play Store description:

“Onavo may collect your mobile data traffic. This helps us improve and operate the Onavo service by analyzing your use of websites, apps, and data. Because we’re part of Facebook, we also use this info to improve Facebook products and services, gain insights into the products and services people value, and build better experiences.”

So if you think that Facebook can track your activities on the Web, but it can’t track what you do in other apps on your smartphone, you are wrong, especially when you are using Onavo Protect.

Although Facebook has removed Onavo Protect from the iOS App Store, users who have already downloaded the free VPN app will continue to be able to use it, but without any expectations of receiving updates to the app from Facebook.

This Facebook’s free VPN app had already been downloaded over 33 million times across both iOS and Android devices, and it is still alive and working on the Play Store, and Facebook has no plans to remove it until and unless Google finds it violating its terms.

WHAT SHOULD I DO?

If you used Onavo Protect and are concerned about the security of your information, we are here to help. The Hannon Law Firm is actively investigating this matter and would welcome the opportunity to talk to you about your concerns and experience. Contact us by calling 303-861-8800, or by filling out the contact form below.