Apple orders Facebook to remove security app amid privacy concerns

As per Business Insider, Apple recently asked social network Facebook to remove Onavo Protect as it has been determined that the security app was in violation of Apple’s data collection rules.

Acquired by Facebook back in 2013, Onavo is an Israeli-based security firm that has long been a subject of controversies, including getting blasted by security advocates for being a privacy threat and for allegedly using the psychological profiles of its users.

It gained recognition through its flagship app Onavo Protect, which offers access to a virtual private network (VPN) and provides security alerts, among other security-based features. The app even alerted users if malicious sites of any sort are visited. However, the said app also collects other data from users, such as what other apps are being used, which it redirects back to a private server owned by Facebook. The social network then uses this data to create an internal system that quietly monitors other apps, including ones that get the highest amount of usage.

In a blog post published on Monday, Sudo Security Group CEO Will Strafach stated that the app uses what is called a Packet Tunnel Provider to handle incoming and outgoing traffic on the VPN. He then claims that through this, Onavo is able to send data over to Facebook HQ. The said data includes daily Wi-Fi usage, daily cellular data usage, the amount of time a VPN connection is used, and when a mobile is either on or off.

However, according to the Onavo privacy policy, by using the app, “you choose to route all of your mobile data traffic through, or to, Onavo’s servers.” Furthermore, the app also says that its collected data may be used to “provide, analyze, improve, and develop new and innovative services for users.”

Due to this practice, Apple identified that the app is in violation of its own data collection rules. In fact, according to The Wall Street Journal, the trillion-dollar company already notified Facebook about this issue early this month.

“We work hard to protect user privacy and data security throughout the Apple ecosystem,” said an Apple spokesperson to CNBC. The spokesperson added that the company’s latest guideline updates made it clear that any app installed on a user’s device should not collect information that will be used for analytics or advertising/marketing. The apps should also specify what user data will be collected, as well as what it will use the data for.

The other end of the spectrum

As an answer, a spokesperson from Facebook said in a statement, “We’ve always been clear when people download Onavo about the information that is collected and how it is used. As a developer on Apple’s platform, we follow the rules they’ve put in place.”

Facebook has already removed the app from the Apple’s App Store. However, it is still available for Android.