Photo : AP

It’s becoming clear that at some point in the not-so-distant past, a group of assholes at Facebook dreamt up a plan to prey on users who desire better mobile security but can’t be bothered to read the fine print.




For the second time in a month, the company has launched an app that, at first blush, appears to help keep users safe—but in reality siphons vast amounts of data from consumers’ cell phones and shoots it back to Facebook to do with whatever the hell it wants.

The latest app, discovered by Sensor Tower and first reported by TechCrunch, is called Bolt App Lock, and it claims to lock down any app on a phone using a pin code; the idea being that if your phone is somehow stolen while the screen is unlocked, the thief won’t be able to open your banking app or email app or any other app that contains sensitive information you wouldn’t want others to see.


It’s not an original idea (see: AppLock) and, frankly, the entire concept seems a little excessive.

The problem is that, while Bolt App Lock may do exactly what it claims, its true purpose appears to be collecting data on its users to further satiate Facebook’s creepy desire to know what everyone is doing at all times.

According to its listing on Google Play, the app is a product of Onavo, the VPN service owned and operated by Facebook.

Onavo’s ridiculous misnomer of a “privacy policy” spells out Facebook’s plot in plain English: If you use Onavo’s apps, Facebook is going to collect your personal information, including what apps you’ve installed and what websites you visit. In fact, Onavo appears to collect data on its users even when the damn thing is turned off. (Gizmodo reached out to Facebook on Wednesday about Onavo’s privacy policy. We have not received a response.)


What’s more, Facebook explicitly tells us what it intends to do with this data—basically whatever the hell it wants—including, but not limited to, sharing it with affiliates, service providers, and law enforcement; using it to “provide, analyze, improve, and develop new and innovative services” for third parties and others; and to “provide market analytics and other services” to third parties and others.

Even the Bolt App Lock listing on Google Play is pretty straightforward:

We collect info about your mobile device and the apps installed on it. This includes info about when those apps are used, and device and network information. We use and analyze this info to help us operate Bolt App Lock, an Onavo app, and improve the service. Because we’re part of Facebook, we also use this info to improve Facebook products and services, gain insights into the products and services people value, and build better experiences.


This isn’t a situation in which Facebook is stripping your name and other personal details about you out before using the data in aggregate. Its website clearly states that your “personally identifiable information” is being collected and may be provided to other companies (or the cops). This violates a pretty basic rule: Any app that purports to offer “security” must avoid unnecessarily collecting data about your every swipe and click.

There’s a word for that. It’s called “surveillance.”

If Facebook was pulling this crap with a mobile game or a flashlight app or something as equally dumb, well, it would still be pretty fucked up, but only half as treacherous. Passing an app off as a tool to keep users safe while porting their personal data around the internet and handing it off to god knows who is an extremely—extremely—dishonest thing to do.


Perhaps one day Facebook users will get sick of being jerked around and lied to and pull the plug on its conniving ass. But until then, it seems all we can do is keep a weathered eye out for this type of predatory trash and sound the alarm as far and wide as possible.

Update, 6:11pm: Facebook deleted Bolt App Lock from the Google Play store after publication. A Facebook spokesperson told Gizmodo by email that the app was launched as “a small, brief test.”