Popular Android apps are sharing data with Facebook without consent

Judy Cobb
January 3, 2019

A recent study has found that many popular Android apps have been secretly sending private data to Facebook without asking permission from users. Meanwhile, numerous Android apps in question are not responding to requests for comment, apart from Skyscanner, which says it wasn't aware it was sending data to Facebook. Privacy International found that Facebook's developer kit did not give the option of waiting for a user's permission before sending some data until at least four weeks after the introduction of GDPR.

'This happens whether people have a Facebook account or not, or whether they are logged into Facebook or not, ' the firm explained.

Facebookhoovers up data from most Android apps - even if users are not logged in to Facebook, or don't have an account. It also shares information about the type of ticket someone is searching for.

It also noted that Facebook should also offer better services to make developers easily "protect the privacy of their users by design and by default".

Other data that is sent to Facebook includes the user's unique ID with Google, which helps advertisers build a "comprehensive profile" around a user, such as their gender, religion, interests, activities and other detailed information.

Privacy International said some apps sent particularly sensitive and detailed data to Facebook, such as the travel booking app Kayak.

Tesla has over 3000 Model 3s left in US inventory: Electrek
For customers taking delivery between July 1st and December 31st, 2019, the tax credit falls to $1,875. Tesla delivered 63,150 Model 3s in the quarter, falling short of FactSet estimates of 64,900.

"A prime example is the travel search and price comparison app Kayak, which sends detailed information about people's flight searches to Facebook, including: departure city, departure airport, departure date, arrival city, arrival airport, arrival date, number of tickets (including number of children), class of tickets (economy, business or first class)", Privacy International says.

This is in violation with privacy guidelines in several places, including Europe where the European Union data protection, GDPR (General Data Protection Regulation) came into effect on May 25, 2018. This feature was launched a few months after the EU General Data Protection Regulation entered into force. The data was being shared even before the user was asked for their permission.

The law will mark the biggest overhaul of personal data privacy rules since the birth of the internet.

The report also looked at how Facebook's policies compared against the requirements of Europe's GDPR and designing for data minimisation.

Among the apps that were identified in the study, Skyscanner insisted that it was "not aware" that it was sending user data without consent. But this was around 35 days after GDPR was implemented and now works only on Facebook's SDK version 4.34 and above.

Facebook probably can't wait for 2018 to end, a year that brought a garden variety of user privacy infringing issues for the world's largest social network, as well as more questions about the measures Facebook is willing to take to curb the spread of fake news and limit foreign influence on the network.

Other reports by

Discuss This Article

FOLLOW OUR NEWSPAPER