Facebook denied Aran Khanna an internship after the company learned that his app highlighted a flaw in its Messenger service, says a report from Boston.com. His app made use of a privacy flaw in the Messenger app that automatically shares a user’s location with anyone they message. Of note, Facebook was aware of the flaw in question for three years and did nothing about it.

Facebook Reneges On Harvard Student's Internship For Exposing Privacy Flaws

Aran exposed privacy flaws

Aran’s app, called the Marauder’s Map, is a Chrome extension that uses Facebook Messenger to track where users are when they send messages.

The App went viral just after Aran tweeted about it on May 26 and posted it on Reddit and Medium. Facebook also instantly heard about the app. The social giant asked Khanna to disable the app after three days, and then went ahead and deactivated location sharing from the desktop, ensuring that the app wouldn’t work even if the Harvard student hadn’t shut it down. Khanna said the app was downloaded more than 85,000 times before it was deactivated.

A week later, Facebook updated the Messenger app, saying, “With this update, you have full control over when and how you share your location information.” But, the social networker did not even mention the problematic earlier default settings or highlight the consequences for those who did not go ahead with the update. The company did claim that it was working on the update before the Aran posted his user location app.

Facebook punished app creator for good deed

Khanna’s future manager at Facebook called him just a day after Marauder’s Map was posted, and told him not to discuss it with the press. The very next day, he was told to deactivate the extension, and he compiled. However, he also gave an explanation on his Medium blog of why he is pulling the app.

Aran also got a call from a Facebook employee, informing him that the company was reneging on his summer internship because he violated Facebook’s user agreement when he scraped the site for the data. But Khanna told Boston.com that the data he used were from his own messages, meaning it was available to all Facebook users and not just employees. A few days later, Aran received an email from Facebook’s head of global human resources and recruiting, saying that his Medium post violated the ethical standards expected of interns.

Aran’s case certainly does raise some questions about Facebook, which was launched from a Harvard dorm room, and has now reneged on the internship of a  Harvard student who launched an app from his dorm room.