In recent times, Facebook’s reputation has deteriorated a lot due to all its privacy vulnerabilities that have been discovered, such as the Cambridge Analytica scandal. However, things can always get worse. Discussions and news about vulnerabilities focused on tracking data by websites, including fines by data protection authorities. But less was known about the data Facebook receives from your smartphone applications.
In December 2018, the NGO Privacy International published through Android Police a report that revealed that 20 of the 34 most popular Android applications send data to FB without requesting prior permission from the user, even if you don´t have an account on the Zuckerberg´s social network.
We are talking about neither more nor less of MyFitnessPal, Duolingo, Kayak, Indeed, Shazam, Skyscanner, Spotify, TripAdvisor and Yelp, among other applications. These apps send data to Facebook at the time they open on a phone through a unique Google advertising identifier that allows FB to create a profile with all the associated information. In this way, it´s possible to identify a user by his religion (if he has installed a biblical, Koranic, or prayer app) and sex (if he/she installed a period tracker), and also to be able to see if he is looking for work by Indeed, he has children, etc. In some cases, it´s even worse: Kayak sent data to FB about flight searches or travel dates.
Some of the apps in question:
App developers share this data through Facebook SDK, which is a set of software development tools used to create applications for Android, iOS or other operating systems. Of course, this practice is illegal according to the General Data Protection Regulation of the European Union (GDPR), which entered into force in May 2018.
For this test, Privacy International used a free software program called Mitmproxy, which is an interactive HTTPS proxy. Thus, they were able to discover that Facebook SDK didn´t provide developers with the option of waiting for a user’s permission before sending data until a month after the introduction of GDPR, and even today, there are many applications that have not yet implemented the update.
For its part, Google argued in its defense that each user can deactivate the “ads personalization”, but as Privacy International has shown, this doesn’t prevent the apps from spying on users or using the data collected for non-advertising purposes.
FB was friendlier in responding. They are working on a series of changes in their platform, which includes a new option called “Clear History” and, with this, ensure that user data is not sent without their permission. The only app that responded to the report has been Skyscanner, who said they didn’t know they were sending data to Facebook.
For our part, we recommend using the applications that passed the Privacy International test and don´t transmit personal data to Facebook, such as Speedtest, Candy Crush, Opera and Dropbox. Hopefully more applications follow suit this year.
Other Trending News:- News
