According to internal emails, Facebook executives created a tool called In-App Action Panel (IAAP) at the behest of CEO Mark Zuckerberg. This program was launched in 2016 and remained operational until mid-2019.
The program utilized cyberattacks to intercept information from Snapchat, YouTube, and Amazon, which was later decrypted.
“Facebook’s IAAP Program used nation-state-level hacking technology developed by the company’s Onavo team, in which Facebook paid contractors (including teens) to designate Facebook a trusted ‘root’ certificate authority on their mobile devices, then generated fake digital certificates to redirect secure Snapchat analytics traffic (and later, analytics from YouTube and Amazon) from Snapchat’s servers to Onavo’s; decrypted these analytics and used them for competitive gain, including to inform Facebook’s product strategy; reencrypted them; and sent them up to Snapchat’s servers as though it came straight from Snapchat’s app, with Facebook’s Social Advertising competitor none the wiser,” lawyers said in one of the documents.
The attorneys, representing plaintiffs in a lawsuit alleging Facebook’s anti-competitive behavior, were discussing emails they obtained through the discovery process.
In an email, Mr. Zuckerberg expressed the necessity of obtaining information about Snapchat despite their encrypted traffic: “Given how quickly they’re growing, it seems important to figure out a new way to get reliable analytics about them. Perhaps we need to do panels or write custom software. You should figure out how to do this,” Zuckerberg wrote.
Following the initiation of efforts by Facebook staff to address the issue, Facebook’s Chief Operating Officer, Javier Olivan, wrote that the program could potentially users to “let us install a really heavy piece of software (that could even do man in the middle, etc.).”
“Man in the middle” refers to a cyberattack method in which an attacker secretly intercepts information passing between two parties.
“We are going to figure out a plan for a lockdown effort during June to bring a step change to our Snapchat visibility. This is an opportunity for our team to shine,” Guy Rosen, founder of Onavo, later wrote. Onavo was started in Israel and bought by Facebook in 2013.
During a presentation about the finalized program, it was explained that there would be “kits” available for installation on iOS and Android devices. These kits would intercept traffic for specific sub-domains, enabling Facebook to read encrypted traffic and gauge in-app usage.
Evidence from documents and testimony in the case revealed that the program was launched in June 2016 and remained operational until 2019.
According to the documents, the program initially focused on Snapchat but was later expanded to include Google’s YouTube and Amazon.
Facebook employees stated that the insights obtained from the program helped inform Facebook’s product designs. Those products “hamper[ed] Snap’s ability to sell ads,” one Snap executive said in a deposition for the case.
Snap, Google, and Amazon did not return requests for comment.
Mr. Zuckerberg, in another deposition, refused to answer questions about the program. Mr. Zuckerberg indicated he might answer questions if he was given an opportunity to review the documents.