Three of the Senate’s biggest privacy advocates are sending letters to Facebook, Google, and Apple executives Thursday, following a recent TechCrunch report that Facebook used an iOS and Android app to monitor the phones of users as young as 13 years old. The app, called Research and sometimes referred to as Project Atlas, gave Facebook complete visibility into users' app activity, web searches, encrypted data, and even private messages.

Now, senators Richard Blumenthal (D-Connecticut), Ed Markey (D-Massachusetts), and Josh Hawley (R-Missouri) want more information from Facebook CEO Mark Zuckerberg, Apple CEO Tim Cook, and Google’s senior vice president of platforms, Hiroshi Lockheimer, about the origins of the app and the information it collected, particularly from minors.

“These reports fit with long-standing concerns that Facebook has used its products to deeply intrude into personal privacy,” the letters to all three companies read. (All three letters are published in full below.) Taken together, the lawmakers' questions reckon with the three giants' awesome and unprecedented power, and seek answers about the tactics they use to retain it.

The bulk of the senators’ questions are reserved for Facebook and revolve around the company’s alleged attempt to target teenagers and sidestep device makers' privacy policies. Facebook has said that only 5 percent of the app’s users were teenagers, but the lawmakers still want to know if Facebook specifically targeted teens with ads about Atlas. They also ask why the parental consent form that the app’s teenage users had to submit was “less strict” than the one required by Messenger Kids.

SIGN UP TODAY Sign up for the Backchannel newsletter and never miss the best of WIRED.

Then there are questions about how Facebook distributed the app. Prior to debuting the Research iOS app, Facebook operated a similar tool called Onavo on iOS. Apple removed it from the App Store last year, saying that apps which collect data on other third-party apps are prohibited. With the Research app, Facebook avoided the App Store entirely by using a feature of Apple's Developer Enterprise Program that allowed iOS users to download the app from their browser instead. But the program is intended for companies to share app updates with their own employees, not consumers. Facebook shut down its iOS app after TechCrunch’s report.

Perhaps the most pressing question is what information Facebook actually used and why. Experts have noted that the Research app installed what’s known as a “root certificate” on users’ phones, which granted the company unlimited visibility into users' actions. But it’s still unclear whether Facebook actually analyzed and retained all of that information. The lawmakers are hoping to clear that up.

In particular, they want to know whether Facebook collected and saved data on messages that Research users received from other people. Facebook has defended itself against these reports saying that users were fully informed of the sort of access the app would have and that they were even being paid to download the app. “Despite early reports, there was nothing ‘secret’ about this; it was literally called the Facebook Research App,” a Facebook spokesperson told TechCrunch at the time. “It wasn’t ‘spying’ as all of the people who signed up to participate went through a clear on-boarding process asking for their permission and were paid to participate.”

But third parties who messaged those users presumably would have had no idea their information was being collected. Facebook has not responded to WIRED's questions on this subject.

While Facebook has taken the brunt of the scrutiny, Blumenthal, Markey, and Hawley also have questions for Apple and Google. Google operated a similar app called Screenwise Meter, which also bypassed Apple’s review process using the same enterprise program loophole. A Google spokesperson later told WIRED that using this program in this way was "a mistake, and we apologize."

After the news broke, Apple temporarily suspended both Facebook and Google from the enterprise program, which also meant that employees at Facebook and Google couldn’t access their company’s internal apps for a short period of time.