- "At least" 20 out of 34 popular Android apps found sharing sensitive data with Facebook without user consent.
- The apps are reportedly using an older version of Facebook Developer Kit
- Some app developers weren't even aware the apps have been sharing user data
It was found earlier that health and dating apps routinely violated user privacy by sharing data with Facebook. According to a study by Privacy International, “at least” 20 out of 34 popular Android apps are sending sensitive data to Facebook without explicit user permission. The apps include Kayak, Skyscanner, MyFitnessPal and TripAdvisor.
The report states that the data includes the analytics data that is sent during the app launch, as well as the unique Android ID. Later, the apps were found to send more sensitive data. Kayak, the popular flight-booking app, was found to be sending destination and flight search data, travel dates and whether or not someone is traveling with kids.
It can be argued that the data shared cannot directly be used to identify a specific user. The data can, theoretically, be used to recognise someone through indirect means. One can easily see who has the app installed or whether they are traveling with the same person.
There is also a concern that the apps may be violating European Union’s stringent privacy-focused GDPR regulations by collecting data without taking explicit consent from the users. In fact, Facebook’s developer kit didn’t have the option to ask for permission until the GDPR laws took effect. Once the rules were put into effect, Facebook did offer a way to let apps ask for user permission, but it’s not clear how many developers went ahead and implemented it. There are many apps that are using older versions of the developer kit, as claimed by the study. The report claims that Skyscanner was “not aware” it was sending data without user permission.
Facebook is reportedly working a “clear history” option and has stressed that developers have the choice to turn off automatic data collection. Nevertheless, it is yet another instance of Facebook failing to protect the interests of its users. In this case, app developers are equally at fault by not keeping up to date with changing regulations and failing to adapt newly rolled out rules about user privacy.