Thoughtful, detailed coverage of the Mac, iPhone, and iPad, plus the TidBITS Content Network for Apple consultants.

Beware “Protect” In Facebook’s iOS App

In case you ever doubted Facebook’s commitment to hoovering up as much information about you as it can, the company has come under fire for a change in the Facebook app for iOS in the United States. In the last few days, users have discovered a new option when you tap the hamburger button to access your pages, shortcuts, and settings. In that screen is a section called Explore that lets you get to a vast number of Facebook services, such as On This Day, Crisis Response, Live Videos, Find Wi-Fi, and Device Requests. There are so many, in fact, that the last one is Show More, and tapping that displays another 11, including the reassuringly named Protect.

However, tapping Protect takes you to the App Store and displays an app called Onavo Protect — VPN Security. It is indeed a VPN — a virtual private network — that securely tunnels all your traffic through Onavo’s servers. The problem is that, as you might expect from the link source, Onavo is owned by Facebook. If you were to stumble on Onavo Protect in the App Store, you’d have to tap More and read the full description to discover that. If you read all the way to the end, you’d learn that Onavo Protect “directs all of your network communications through Onavo’s servers,” and that, “as part of this process, Onavo collects your mobile data traffic.”

Clearly, that menu item in the Facebook app should be labeled “Collect” instead of “Protect.”

Even if Onavo Protect is nominally legitimate, albeit a massive privacy violation, quite a number of its reviews seem fake, which is also troubling. Since there are no iPhone viruses, I can only assume that these are paid-for reviews. (The alternative is to believe that there are a lot of users who think the icons wiggling on the screen indicates a virus infection, not a too-long finger press.)

Despite its recent appearance in the iOS Facebook app, Onavo Protect isn’t new, and was a source of controversy last year when the Wall Street Journal reported that Facebook used Onavo-sourced data to determine that usage of the competing Snapchat app was slowing months before Snap announced that fact. Plus, Facebook linked to the Onavo Protect app in the UK version of the Facebook app (for both iOS and Android) starting in 2016, though there was little reporting on that fact then. TechCrunch says that about 62 percent of Onavo Protect’s 33 million installs come from Google Play (for Android), suggesting that some 12.5 million iOS users have installed Onavo Protect. The lower uptake rate in iOS might account for why Facebook is now promoting Onavo Protect in its iOS app in the United States — and possibly in other locations.

It’s bad enough when some unknown company provides a free VPN service in order to collect data about its users. It’s another thing when the company in question is part of Facebook, and that data can be combined with both any data you’ve allowed Facebook to have and any data about you that people you know have inadvertently provided to Facebook.

Our recommendation: If you use the Facebook app on your iPhone or iPad, don’t get suckered into installing Onavo Protect. And if you have installed Onavo Protect already for some reason, delete it unless you like revealing everything you do on your device to Facebook.


Make friends and influence people by sponsoring TidBITS!
Put your company and products in front of tens of thousands of
savvy, committed Apple users who actually buy stuff.
More information: <>

Comments about Beware “Protect” In Facebook’s iOS App

To leave a comment, click Add a Comment and then enter the text, your name, and your email address (which won't be displayed). Your comment will appear after you follow a link in the one-time confirmation message we send to verify that you're a real person.
Receive comments via RSS
Carol Weaver  2018-02-14 18:21
Thanks for this. I don’t have it. Have decided to slowly stop using the app. It has too much rubbish on it.
Reply  2018-02-14 19:59
I gave up on the Facebook app ages ago. Too Confusing. When I do wish to use Facebook on my iOS device, their website works well enough in Safari.
David Price  An apple icon for a TidBITS Supporter 2018-02-15 08:53
Seems like an intent to deceive. Isn't that called FRAUD, which is punishable by law?
TheTooner  2018-02-17 14:34
Certainly it's fraud if they deceive you with intent to induce you to give them money, goods, or service. Not so certain if they just collect information even though they can sell that for value. An argument would be you haven't lost your information, they have just gained a copy, and you weren't selling it to anyone so you haven't lost its value. Interesting case to try.
Tommy Weir  2018-02-18 15:15
First there was this news...

...and then I was checking out using TeamViewer on iOS to help troubleshoot family members on iPhone issues when I noted that the only other app that makes use of iOS 11's new screen recording feature was... Facebook. Not as yet 'implemented' but there, presumably so people can send 'Hey, look what I'm doing with my iPhone' live to their friends... and of course the data harvesting operations in place.

Having not used FB for about a year now, I finally deleted both it and Messenger from all devices and de-activated my account.