Onavo
A mobile analytics firm acquired by Facebook that operated a 'protective' VPN app, which was forcibly shuttered after being exposed as a corporate surveillance tool that violated Apple's privacy policies.
The Autopsy
| Section | Details |
|---|---|
| Startup Profile | Founders: Guy Rosen, Roi Tiger Funding: Raised $13M from Sequoia Capital, Magma Venture Partners, and Horizons Ventures before being acquired by Facebook in 2013 for ~$120M |
| Cause of Death | Other: Platform De-platforming: Apple removed the app from the App Store in August 2018 for violating 'data collection' rules by harvesting info on other installed apps. Privacy Scandal: Exposed for 'Project Ghostbusters,' a secret program to intercept and decrypt encrypted traffic from competitors like Snapchat and Amazon. Strategic Shutdown: Facebook sunset the brand in 2019 following a TechCrunch investigation into the 'Facebook Research' app, which paid teens to install Onavo-based spyware. |
| The Critical Mistake | Weaponizing Privacy for Surveillance: Marketing a product as a 'Security & Privacy' tool (VPN) while using it as a Trojan horse to strip away user privacy for competitive intelligence, leading to a terminal breach of trust with both users and platform gatekeepers (Apple). |
| Key Lessons |
|
Deep Dive
Onavo was born in 2010 as a clever utility app designed to help users save money on mobile data through compression. Its VPN product, Onavo Protect, was marketed to millions as a way to browse securely and block malicious websites. However, behind the scenes, Onavo was the 'eyes and ears' of Facebook's competitive strategy. It provided the social media giant with a granular look at what apps people were using, how often they used them, and even what they did inside them. The Intelligence Engine Facebook's acquisition of Onavo for $120 million in 2013 was one of its most strategic moves. The data gathered through Onavo was reportedly the 'early warning system' that told Mark Zuckerberg to acquire WhatsApp for $19 billion. By seeing exactly how fast WhatsApp was growing on users' phones compared to Facebook Messenger, the company could neutralize threats before they became insurmountable. This 'spyware' model worked perfectly for years, hidden in plain sight within the app's fine print. The Apple Conflict The downfall began in 2018. Apple, doubling down on its 'Privacy as a Human Right' branding, updated its App Store policies to explicitly forbid apps from collecting data about other apps on a user's device for analytics or advertising. Onavo's entire reason for existence (under Facebook) was this very practice. After a series of tense meetings, Apple forced Facebook to voluntarily pull Onavo from the iOS App Store in August 2018. Project Ghostbusters and the Teen Scandal The final nails in the coffin came through investigative journalism. It was revealed that Facebook had launched 'Project Ghostbusters'—named after Snapchat's ghost logo—specifically to use Onavo's technology to decrypt the SSL-protected traffic of competitors. Even worse, Facebook had bypassed Apple's ban by creating a 'Research' app that paid teenagers $20 a month to sideload Onavo-powered root certificates, giving Facebook total access to their phone activity. The Final Sunset By February 2019, the backlash was too great to sustain. Apple had briefly revoked Facebook's entire internal developer certificate system as punishment, effectively shutting down Facebook's internal employee apps. Facing global investigations and a toxic brand image, Facebook announced it would sunset the Onavo brand entirely and cease its 'unpaid market research' programs. Onavo's story is a definitive case study in the Social Media and Fintech/Privacy space: when you build a product based on a lie, the gatekeeper eventually finds the truth.
Key Lessons
Privacy is not just a feature; it's a legal and ethical boundary. Misusing it as a data-collection mask leads to catastrophic regulatory and platform risk
Platform dependence (App Store) is absolute; if your business model relies on violating a platform's core privacy values, the gatekeeper will eventually kill you
Corporate 'acqui-hires' can lead to ethical rot; once a neutral tool becomes a weapon for a parent company's market dominance, its original utility is lost