Zack Whittaker, reports for TechCrunch how Facebook, through its banned Research app, was able to obtain the personal and sensitive device data of about 187,000 users.

He writes:

The social media giant said in a letter to Sen. Richard Blumenthal’s office — which TechCrunch obtained — that it collected data on 31,000 users in the U.S., including 4,300 teenagers. The rest of the collected data came from users in India.

Read that carefully. Of the 187,000 users that Facebook snooped data from, (only) 31,000 were from the U.S. The rest of the users were from India, which makes it about 156,000 users. According to the letter obtained by TechCrunch, a whopping 34,000 users were between the ages of 13 and 17, of which 4,300 were from the US, which means close to a whopping 30,000 users from India whose data Facebook was snoop ing on were underage.

These “research” apps relied on willing participants to download the app from outside the app store and use the Apple-issued developer certificates to install the apps. Then, the apps would install a root network certificate, allowing the app to collect all the data out of the device — like web browsing histories, encrypted messages and mobile app activity — potentially also including data from their friends — for competitive analysis.

The fact that Facebook collected data from over 1.5 Lakh Indian users, of which close to 30,000 users were between 13 and 17 years of age, is truly mind-boggling.