The Brief: Facebook has been paying some people, including teenagers, $20 a month in order to access their private messages, emails, web searches, and browsing activity.


Facebook Research App

Since 2016, Facebook has been paying some users $20 per month in exchange for access to their phone and internet activity. This information has been tracked through an app that users downloaded. The app uses a root certificate to track information including private messages, emails, web searches, and browsing activity. Participants are also asked to send their Amazon payment history to Facebook. This same research project has been run through several different apps, some that were not directly or openly affiliated with Facebook.

While Facebook already uses user data for advertising, the idea of this program is that willing users can give the company more detailed data in exchange for compensation.

TechCrunch interviewed Guardian Mobile Firewall’s security expert Will Strafach who said:

“If Facebook makes full use of the level of access they are given by asking users to install the Certificate, they will have the ability to continuously collect the following types of data: private messages in social media apps, chats from in instant messaging apps – including photos/videos sent to others, emails, web searches, web browsing activity, and even ongoing location information by tapping into the feeds of any location tracking apps you may have installed.”


Facebook’s research program is controversial because of the fact and the way that it accesses detailed user information.  Participants in the program range from ages 13 to 35. To many, the fact that minors are included in this program is ethically questionable.

Apple Bans App

As this application violates Apple’s policy against enterprise certificates that grant root access, it has been banned from the App Store. Previously, Apple banned an earlier version of an app for Facebook’s research program called Onavo Protect. The Research program will continue to be available for Android users.

Although tech companies’ use of user data is widespread, this app program has been criticized more than others for the amount of detailed user information it accesses, and for how the app uses a root certificate to get it. At the crux of this issue is also whether or not the compensation participants receive means that the data collection is justifiable and if $20 a month is a sufficient trade for such personal information.