A recent report outlines how a secretive company named Banjo allegedly employed similar methods to Cambridge Analytica to scrape the personal data of social media users using fake apps offered by a shadowy company it controlled, “Pink Unicorn Labs.”
VICE News reports that an artificial intelligence company namedBanjo that has worked with law enforcement agencies used a shadow company to develop Android and iOS apps that were designed to secretly scrape information from social media while appearing to be completely innocuous.
VICE News reports that Bajo created a secret company called Pink Unicorn Labs according to former employees. The secret company was reportedly established to avoid detection by social networks. VICE News writes:
Three of the apps created by Pink Unicorn Labs were called “One Direction Fan App,” “EDM Fan App,” and “Formula Racing App.” Motherboard found these three apps on archive sites and downloaded and analyzed them, as did an independent expert. The apps—which appear to have been originally compiled in 2015 and were on the Play Store until 2016 according to Google—outwardly had no connection to Banjo, but an analysis of its code indicates connections to the company. This aspect of Banjo’s operation has some similarities with the Cambridge Analytica scandal, with multiple sources comparing the two incidents.
“Banjo was doing exactly the same thing but more nefariously, arguably,” a former Banjo employee said, referring to how seemingly unrelated apps were helping to feed the activities of the company’s main business. Motherboard granted four former employees and another source close to the company anonymity because they had signed non-disclosure agreements with Banjo.
VICE examined some of the apps developed by Pink Unicorn Labs and found that many contained code that mentions signing into Facebook, Twitter, Instagram, FourSquare, Google Plus, Russian social media site VK, and Chinese social network Sina Weibo. VICE News writes:
“They were shitty little apps that took advantage of some of the data that we had but the catch was that they had a ton of OAuth providers,” one of the former employees said. OAuth providers are methods for signing into apps or websites via another service, such as Facebook’s “Facebook Connect,” Twitter’s “Sign In With Twitter,” or Google’s “Google Sign-In.” These providers mean a user doesn’t have to create a new account for each site or app they want to use, and can instead log in via their already established social media identity.
The apps were reportedly designed mainly to gain access to people’s social media information, something which tech firm Cambridge Analytica was highly criticized for in 2018. Discussing the Cambridge Analytica scandal, one former Banjo employee stated: “Banjo was doing exactly the same thing but more nefariously, arguably.”
Read the full report at VICE News here.