Last week, Apple removed Facebook’s data-security app Onavo Protect from its app store for alleged violations of Apple’s data-collection policies. Onavo, which has been available as a free download through Apple’s app store for years and reportedly has been downloaded by over ten million users, allowed users to create a virtual private network (VPN) that redirects internet traffic to a private server managed by Facebook. In removing the app from its app store, Apple stated that Onavo violated Apple’s new privacy rules introduced in June by collecting data that is not directly relevant to the app’s purpose. Specifically, Onavo allowed Facebook to collect user data related to that user’s internet activity beyond use of Facebook and continued to collect data on users even when the user ceased to use the VPN functionality.

Facebook insists that it does not harvest data through Onavo for advertising purposes or to tie the data to an individual’s social media accounts; however, Facebook did admit to Congress in June that it uses Onavo data for internal analytics on what apps are popular and how users elect to use the apps. While Onavo is no longer available through the Apple app store, the app will remain on users’ phones unless deleted by the user and is still available through Android and Google Play app stores.

This news serves as an important reminder that even apps, software, or services that purport to protect a user’s data may in fact expose that user’s data to undesirable uses by the app, software, or service provider. While it may not be anybody’s idea of a good time, you should always carefully read the fine print for any such app, software, or service in order to understand exactly to what you may be agreeing.

Check out our series, Privacy Perils, to learn what steps you can take to guard your personal and company data. For more information about this topic and other cyber security concerns, please contact a member of our Privacy & Data Security team.