There is a new entry in the navigation menu of the Facebook app for smartphones and tablets; clicking through on “Protect” will redirect to a listing for an app called Onavo Protect—which, at first glance, appears to be a VPN client. Except that it’s not. Rather than protecting your data from third parties the app will phone home to Facebook and report on what you’re doing on your device… whether you’re currently using the Facebook app or not.
The proof that this title is basically corporate spyware is hiding in plain sight on its App Store listing:
To provide this layer of protection, Onavo uses a VPN to establish a secure connection to direct all of your network communications through Onavo’s servers. As part of this process, Onavo collects your mobile data traffic. This helps us improve and operate the Onavo service by analyzing your use of websites, apps and data. Because we’re part of Facebook, we also use this info to improve Facebook products and services, gain insights into the products and services people value, and build better experiences.
As TechCrunch reports, the Onavo app has already been used to spy on SnapChat users, and to copy that platform’s popular features for Instagram, its Facebook-owned competitor.
Clawing back at least some of your privacy is as easy as uninstalling Onavo Protect—or better yet, never installing it in the first place.