A study conducted by Frederike Kaltheuner with the Privacy International campaign group found that among 34 popular Android apps, at least 20 of them sent user data to Facebook without the user’s consent. Some of the data sent to Facebook was unimportant, while some were very sensitive – for example, one was whether the user has children.
In the case of citizens from Europe and according to the General Data Protection Regulation (GDPR), sharing this kind of information without a user’s consent is illegal.
Apps that did this are Kayak, MyFitnessPal, Skyscanner, and TripAdvisor, whereas Skyscanner released an update to no longer share data via Facebook SDK.
According to The Financial Times, as soon as the app is opened, the data gets transmitted to Facebook. Here are some detailed parts of the report:
The information sent instantly included the name of the application, the unique identification of the user with Google and the number of times the application was opened and closed since it was downloaded. Some, such as Kayak, the travel site, then sent detailed information about people’s flight searches to Facebook, including travel dates, if the user had children and what flights and destinations they had searched for.
GDPR in Europe requires that users must consent before their data is collected. App devs will be fined with 4% for doing this without the users’ consent. Frederike Kaltheuner added the following:
At least four weeks after GDPR, it was not even possible to ask for consent, due to the default configuration of the Facebook SDK [software development kit] which means that the data is automatically shared at the moment the application is opened.
Unfortunately for the app developers, Facebook’s SDK update didn’t solve this problem, and they stated that sharing the data continues to happen even if they use the new SDK. When several apps used by a person send user data to Facebook, there is a privacy risk, added the report:
For example, a person who has installed the following applications that we have tried, Qibla Connect (a Muslim prayer application), Period Tracker Clue (a period tracker), Indeed (a job search application), My Talking Tom (an application for children), could be outlined as probable woman, probably Muslim, probable job applicant, probable mother.
Moreover, all of this data can be vulnerable to hackers – in October Facebook was hacked and 30 million users’ data was accessed.
The iOS versions of Facebook do not have this issue.
Robert J. Smith is still early into his career as tech reporter but has already had his work published in many major publications including JoyStiq and Android Authority. In regards to academics, Robert earned a degree in business from Fordham University. Robert has passion for emerging technology and covers upcoming products and breakthroughs in science and tech.