Apps Share Data With Facebook, Even if No FB Account

John Lister's picture

20 popular Android apps are sharing user data with Facebook without permission, according to a new report. Privacy International says the data sharing happens even if the user doesn't have a Facebook account.

The organization tested 34 apps, each of which has been installed at least 10 million times on Android devices. It looked at data that was transmitted through the Facebook Software Development Kit (SDK).

The kit is a set of tools that are designed to help app developers coordinate their apps with the Facebook system. This is more commonly associated with retrieving data from Facebook, for example letting people log in to an app or associated online service using their Facebook account rather than typing in a fresh user name and password each time, for each app. In these cases, the data was flowing from the app to Facebook.

Flight Details Shared

Out of the 34 apps, 21 of them shared data directly with Facebook as soon as the app was started. This happens regardless of whether the user has Facebook open, is logged in, or whether they even have a Facebook account.

In a few cases, the data was extremely detailed. For example, the travel price comparison app KAYAK sent Facebook precise details of flight searches and bookings. (Source: privacyinternational.org)

In other cases, the data appears at first glance to be more innocuous, consisting simply of telling Facebook that the user has opened the app in question. The problem is that this detail is sometimes accompanied by the user's Google advertising ID, which is designed to identify the individual. (Source: mashable.com)

Demographics Deduced

This ID means Facebook can combine the clues from this data to build up a detailed profile of the individual based on which apps they open and how often.

Privacy International gives the example of combining the presence of a Muslim prayer app, a period tracker app, a job search app, and a children's app to create a strong likelihood that the user is a Muslim mother looking for a job.

Facebook has not commented publicly on the report. It's unclear exactly what it is doing with the data gathered in this way or whether it passes it on to any third party.

The apps which sent the data to Facebook as soon as they were opened were:

  • Calorie Counter – My Fitness Pal
  • Clean Master
  • Duolingo (*)
  • Family Locator GPS Tracker
  • Indeed Job Search
  • Kayak (*)
  • King James Bible (*)
  • Muslim Pro – Prayer Times, Azan, Quran & Qibla
  • My Talking Tom
  • Period Tracker Clue
  • Qibla Connect
  • Salatuk
  • Security Master
  • Shazam
  • Skater Boy
  • Skyscanner (*)
  • Spotify
  • Super-Bright LED Flashlight
  • Tripadvisor
  • VK
  • Yelp

(Those marked with an * also sent a Google tracking ID.)

What's Your Opinion?

Should app developers make it clear they are passing on data in this way? Are you surprised to learn this happens even if you don't have a Facebook account? Is it a serious problem that Facebook could piece together a profile of app users?


Comments

Ksands2_10892's picture

I don’t think they should be sharing it period. That being said, if they’re going to do it people should at least be warned (and not in tiny hidden print) that it’s being done. I assume the same sharing is being done with iPhones.

jamies's picture

It would be really useful to indicate the apps that were tested, along with indications of the good, bad and (currently) innocuous.
Or am I missing part of the web post?

Dennis Faas's picture

The article has been updated to include the list of apps that connected to Facebook servers when opened.

jamies's picture

Dennis,

Thanks very much for the app names
That's Kayak and Tripadvisor I'll be NOT using, and
in view of that disclosure, avoiding on the Windows PC too.

Now - "•Family Locator GPS Tracker" That I would have expected to be intrusive - but sending data to Facebook -
Bad dog!

David's picture

Gratitude.

JimBo's picture

Everyone is looking at this from every angle possible except for the correct one. The simple business model here is to make money. Exploitation of human nature to want "free" things is the technique used. The premise being that people do not have a clue what information about them is actually worth thus making it easy to strike up a deal with the devil. (Europeans gained a better understanding of this during World War II but younger generations are quickly forgetting.)

So, the first thing to do is to put a public price on personal data being collected. People collecting the data know exactly how much it's worth since they sell it for profit. Armed with that simple bit of knowledge, a new business model for app development can surface with an option to "pay for privacy" in order to offer a totally secured version of the new app. This might only be say $0.30 a month.

My bet is you would be greatly disappointed to see just how cheaply your personal information is being sold. Hundreds of millions of people at just a few cents each becomes a very large pile of cash.

The other problem is the grannies and grandpas in the House and Senate that just don't see computer stuff as any big deal. (They also don't care too much about e-privacy especially if it blocks them from knowing what you "might" be up to.)

Well - Here we are. Change can be brought about several ways. Other than that described above, one way I can see is to dilute the collected base of data with enough bogus information to render purchase by 3rd parties an improbability. Maybe millions of benevolent infesting auto bots?

Anyone got another idea?

scowei's picture

I don't see Facebook or any other social media platform ever allowing anyone to pay to opt out of data sharing or ads. Why? Because the people with the best demographic profile for sales (ones with higher disposable income) will remove themselves from the consumer pool, leaving advertisers with the lower-spending people. They won't like that.

I think the only way this will happen is if an entirely new social network becomes popular that is 100% a subscription model from the beginning. Vero (https://www.vero.co/) is one such, but I don't know how it's doing. Network effects are very important, so a mass of people have to switch in order to convince others to switch...chicken and egg thing.

There has to be a tipping point, I think, that causes a mass exodus. Congressional hearings, lawsuits that reveal shocking information, massive data breaches with significant personal consequences might do the trick. Of course, the youth are already bailing out of Facebook and have been for a while, so that may help, too.

One other thing: I don't think it's enough for a company to tell you once what they are doing with your data, even if the controls are very easy to understand. I think that legally they should have to tell you annually and lead you through the process of deciding what to share and what not to share. Annual re-certification.

Focused100's picture

I'm not surprised that this is going on. I just wish you had pointed out which apps are doing this so I could restrict or delete them. Where can we go to get a list of the offenders?

matt_2058's picture

I'm not surprised by this. Who would be? Data is today's new Gold. The link to Facebook is expected....like the Facebook apps you can't delete unless you root the device. Then there are the apps that have limited permissions with the initial install, but open the floodgate when you update the app. I believe, like many other users, that apps should not be able to share the info. After all, you agree to the terms of a particular app, not the other hundred you chose not to install.

Jimbo is right about the granny and grampaw Congress. They have no clue as to what is happening in the lives of citizens, especially when it comes to the digital age. My father didn't believe me when I told him I could get all his property info off the internet. Tax rolls have a lot of information.

In today's age, there is no privacy. Data collection all in the name of convenience....apps, credit cards, discount for your email, etc.

pctyson's picture

That information was deemed public long before the internet made it easier to access. The only difference was that you had to go down to your local city hall to find that information. Most state legislatures enacted laws requiring that the information be made available on the internet. Investors would go down to their local city hall, find out who was behind on their taxes, and determine if the local government was about to take action against the owners. They would then use that information to try and get the properties from the owners at a substantial discount.
My only guess is that information was originally made available so that everyone could see that taxes were being doled out "fairly".

beach.boui's picture

This is a contemptible and egregious violation of privacy and trust. Plain and simple. I hope and pray this results in a class action lawsuit and someone pays dearly.

David's picture

Which organization, which apps? Leaving this information out makes the entire article rather pointless. I would want to identify if I have any of the offenders installed, and choose to either uninstall them or at least give them a 1-star rating for privacy abuse.