Some major smartphone apps are sending users data to Facebook presently even when they are not logged in or don’t have a Facebook account. User data sending apps send data to Facebook that could be used to identify you for ad tracking when you browse the social networking sites. This transfer of data happens even if the user doesn’t have an active account on Facebook at all.
In addition to Duolingo and Yelp, Privacy International investigated that Bible app, as well as two Muslim prayer apps and job search app called Indeed, are smartphone apps sending data to Facebook that could be used by it to track the user’s activity such as when that person opens Facebook in his / her smartphone so that the company can run ads at the proper time while users are busy in browsing social sites. This problem is universal across both android and iOS.
Rights group Privacy International found twenty-one such popular android apps that send the app privacy details to Facebook. These include Spotify, Skyscanner, Yelp, Duolingo, and Kayak. It is also highlighted that similar behaviour is displayed by Qibla connect and Muslim pro. Qibla connects and Muslim pro is the two Muslim prayer apps.
Now two-thirds of 21 reviewed apps are no longer able to send data to Facebook when the user installs or opens it, as said by the Rights group Privacy International. Some of these are Spotify, Kayak, and Skyscanner.
However, there is still some apps present that shows the same behaviour of sending data to Facebook such as Yelp, Duolingo, the King James Bible app, Connect, Muslim pro, as well as Indeed job search app. It is said by the developers of Duolingo that they will remove the Facebook SDK app events components from iOS and Android apps in its upcoming releases.
Different apps send different data about a person to Facebook which allows Facebook to design and build up a detailed picture of the person. For example, if the unique identifier was sent by a ‘Qibla connects’ ( a Muslim prayer app ) and a job searching app such as ‘Indeed’ then the person might be identifiable as a Muslim job seeker. Despite Apple’s much more stringent privacy protections and regulations, user privacy is not even safe in iOS also. This leads to creating a hugely problematic situation.
Facebook analytics tools called ‘ custom app events’ are used by several prominent iOS app makers for sending data such as financial data, sensitive health and fitness-related data with the social network. Their purpose behind this is to target people for ads. On android, sensitive data of the users such as call histories, contact details, real-time location data, and SMS data has been collected by Facebook for a long time. Their purpose in collecting these data is for improving the features like friend suggestions and for the propagation of ads to a large number of people.
App developers share data to Facebook without users consent
Facebook collects data indirectly from third-party apps and sends information about the usage of the app to the social network without users consent. App sending data to Facebook is known as a third-party app. They use the Facebook software development kit (SDK) for sharing relevant data of various people to Facebook. SDK is a set of software development tools that allow developers to build specific apps for a specific operating system. Privacy International (PI) found in its report that the apps which had between 10 to 500 million installs sent data to Facebook without being tensed about user privacy. It is not still clear about the number of apps sending data to the Facebook type of platforms to improve Facebook’s ad targeting tools.
In such situations, Facebook also put restrictions on the app developers to not misuse its developer tools by collecting the sensitive information of different users. Facebook routinely checks and tracks users, logged out users outside its platform and non-users by using Facebook business tools. The company has claimed that the majority of sensitive data like credit card numbers, bank account numbers, aadhar card numbers, society security numbers and many others are deleted automatically. But it is not clear about the use of data in the past either by Facebook or data collecting apps.
These third-party apps depend completely on the Facebook SDK to integrate their products with the services of Facebook like ad tracking tools and Facebook login. All the responsibility is put over the apps sending data to Facebook, to collect sensitive and relevant data of users lawfully. Privacy International’s ( PI ) research took several important steps against the violation of user privacy by apps sending data to Facebook directly without the user’s consent. A few months later Privacy International investigated to see if anything has changed. Not all but various data-sharing apps were being contracted after the initiation of these steps. It was obvious that the investigation done by Privacy International proved fruitful for Android as well as iOS users.
Privacy International contracted the European data protection supervisor and European data protection board. However, reaching out to applications directly and publishing their legal analysis proved to be an effective step for convincing various tech companies to improve their activities around taking the consent of the user before collecting any type of data.
This article dealt with the various third-party apps sending data to Facebook directly in various ways, how users’ privacy is being collected and used as an ad tracking and various responsibilities that are put over the third-party apps by Facebook. Privacy International played a very crucial role in the elimination of such practices. Various important steps were taken by it to curb these practices and its struggle proved fruitful. It is continuously working upon it.