As the company updates and polices its own privacy rules, it runs afoul of others'. On Jan. 29 Facebook admitted to paying teens to monitor their phone activity.
Parental consent amounted to a box checked on an online form. Through the teens' phones, Facebook was able to see what all their friends said to them, without the other parties' knowledge.
Apple Inc. blocked that research app because it violated the phone maker's policies.
Facebook acknowledged that it ran afoul of Apple's rules, but not that the app was doing anything sneaky.
The company got consent from everyone, Chief Operating Officer Sheryl Sandberg said on Bloomberg Television, and "what matters is that people know how their information is being used."
首席运营官谢丽尔·桑德伯格在彭博电视台(Bloomberg Television)上表示,公司已获得所有人的同意,“重要的是人们知道他们的信息是如何被使用的。”
Except they can't know. Facebook gave its research app participants instructions for how to give the company "root access" to their phones.
但人们并不知道。脸书向使用研究应用的参与者提供说明,告知他们如何向公司提供访问其手机的根权限(Root access,也称管理员权限)。
What that means, and what wasn't spelled out specifically in the instructions, is that Facebook could see all the data sent to and from the phones over Wi-Fi or cellular networks,
says Will Strafach, CEO of Guardian Mobile Firewall, who reviewed the technical aspects of Facebook's operation.
Guardian Mobile Firewall首席执行官威尔·斯特拉法赫回顾脸书的运营技术后发表上述看法。
The research app operated basically like an on switch for full surveillance processed through Facebook's servers, according to Strafach.
"If I wasn't angry about it, I would respect how well they deployed this," he says. "Nobody can say for sure what they've collected."

The incident ignited a new line of questioning from U.S. lawmakers, who are starting to recognize that privacy-related scrutiny should extend to Facebook's data collection, too.
"Wiretapping teens is not research, and it should never be permissible," says Connecticut Senator Richard Blumenthal, the highest-ranking Democrat on the chamber's consumer protection subcommittee.
Still, the creepy behavior didn't clearly break any laws. Europe is a step ahead: Under the General Data Protection Regulation enacted last year,
Facebook has to more clearly disclose what data it's gathering and why when requesting that users click OK.
Irish authorities already have seven investigations open on Facebook's tactics.
If the company is in violation, it could be fined a maximum of 4 percent of its global revenue.
Of course, it's difficult to imagine any regulator conjuring a fine big enough to upend the data hungry business model of a company that made $21.7 billion in profit last year.
And as long as Facebook is unwilling to limit its collection practices, we'll all have little choice in what we share.