A study of 34 of the most popular Android apps found that at least 20 of them are sending user data to Facebook without consent.
The data transmitted ranges from the innocuous to the sensitive – such as whether the user has children – and is likely to be illegal in the case of European citizens …
Apps found to be doing this include Kayak, MyFitnessPal, Skyscanner and TripAdvisor. Update: Skyscanner advises that it has updated the app so that it no longer shares data via the Facebook SDK.
The Financial Times reports that the data is transmitted as soon as the app is opened.
This is almost certainly in breach of Europe’s privacy law, the General Data Protection Regulation (GDPR). This requires that users be asked for their consent before any personal data is collected.
The information sent instantly included the name of the application, the unique identification of the user with Google and the number of times the application was opened and closed since it was downloaded. Some, such as Kayak, the travel site, then sent detailed information about people’s flight searches to Facebook, including travel dates, if the user had children and what flights and destinations they had searched for.
It’s not just users affected by the problem: application developers are potentially left liable to a maximum fine of 4% of their annual turnover by a Facebook SDK.
Although Facebook subsequently claimed an SDK update would solve the problem, many popular apps are still not using it, and some developers are complaining that it continues to happen even when using the new SDK.
“At least four weeks after GDPR, it was not even possible to ask for consent, due to the default configuration of the Facebook SDK [software development kit] which means that the data is automatically shared at the moment the application is opened” , He said.
Several application developers have complained about the problem to Facebook since May, reporting bug reports on Facebook’s developer platform that they said they could not comply with the law.
There is a particular risk to privacy when data is gathered from multiple apps, says the report.
In addition to the data being available to Facebook, any data collection runs the risk that it could be vulnerable to hackers. Facebook admitted back in October that hackers had been able to access data from 30 million users of the social network.
The issue does not appear to arise with the iOS versions of the apps.
Photo: Shutterstock
Check out 9to5Google on YouTube for more news: