Comment by musicale

Comment by musicale 13 hours ago

0 replies

View on Hacker News

You're not wrong, but Apple and Google probably remember things like the Facebook VPN fiasco of 2018, where Facebook's VPN app was banned from the app store for breaking privacy rules – and then they turned around and abused enterprise app certificates to sidestep the ban.

> By installing Onavo, millions unknowingly granted Facebook full access to their digital activity. App usage, browsing habits, and precise timestamps were silently collected. Facebook VPN didn’t just observe its own users - it tracked behavior across rival platforms like YouTube, Amazon, and Snapchat.

> ... Engineers exploited Onavo’s infrastructure to install a root certificate on phones, masking Snapchat’s servers to decrypt user activity.

This is an obvious security hole that should never have existed, but the fact that Facebook eagerly exploited it, while abusing VPNs for tracking and enterprise certs for sidestepping app store privacy rules, shows the threat landscape.

https://www.analyticsinsight.net/news/when-facebook-used-vpn...