UK-based human rights charity Privacy International has released a report about Android apps sharing users' data with Facebook, even if they don't have an account.
Key findings
- We found that at least 61 percent of apps we tested automatically transfer data to Facebook the moment a user opens the app. This happens whether people have a Facebook account or not, or whether they are logged into Facebook or not.
- We also found that some apps routinely send Facebook data that is incredibly detailed and sometimes sensitive. Again, this concerns data of people who are either logged out of Facebook or who do not have a Facebook account.
Facebook spying on people is hardly news, but I figured Soylentils might be interested to hear about which companies decided to trust the Facebook SDK.
(They only tested Android apps, but it's likely that iOS versions of also use the Facebook SDK)
(Score: 4, Insightful) by bradley13 on Tuesday January 01 2019, @10:56AM (2 children)
This is not only Facebook's fault. The app developers need to answer two questions:
- Why are they using the Facebook SDK for an app that has zilch to do with Facebook? Presumably they offer the option to log in via Facebook, or to share things on Facebook, or... Offering that option is on them.
- Why are they calling the Facebook API to initialize it, before they actually need it? If the user isn't even logged in, and hasn't done anything requiring a Facebook call, there's no reason to initialize it. That's a rhetorical question, the answer is that the developers have an initialization process that sets up everything. Which is bad practice to begin with: a failure in some optional component that a particular user doesn't even need will bring down their entire app.
Which doesn't excuse Facebook, of course. There's no reason for their APi to call the mothership, when the user hasn't even requested anything. They're clearly doing this specifically to gain tracking data. The fact that they offered an option to disable this functionality after the GDPR took effect (which was announced, what, two years in advance?) shows that they wanted to get away with this behavior as long as possible. I hope they get sued under the GDPR and get nailed.
Everyone is somebody else's weirdo.
(Score: 4, Interesting) by zocalo on Tuesday January 01 2019, @11:59AM
Sadly, I don't think this is going to convince many more people too #DeleteFacebook though. At this point if you're still using it of your own volition then you've pretty much decided your privacy is worthless anyway.
UNIX? They're not even circumcised! Savages!
(Score: 2, Informative) by Anonymous Coward on Tuesday January 01 2019, @04:18PM
This happens on the 'normal' web as well. I use ublock and noscript to stop it. Most people 'train' noscript to work. I just leave it in default state most of the time. The facebook urls pop up quite frequently as well as the google ones.