The leading Android mobile apps from companies such as Yelp and Duolingo send data that could be used to personally identify you for tracking ads directly on Facebook immediately after you sign in, according to a new report from the UK watchdog and charity group based in London. International Privacy (PI). This data transfer occurs even if a user has not logged in to Facebook on that device and even if the user does not have an active Facebook account.
In addition to Yelp and Duolingo, PI found that two Muslim prayer applications, as well as a bible application and a job search application called Indeed, also sent similar data to Facebook that could be used to help identify users for ad targeting purposes When they browse the social network. It is not clear exactly what type of data is being sent in this case, other than that a user opened the application at any given time, but the PI report says that this transmission may also reveal custom identifiers that help Facebook track that user through its network of services. and when that person opens Facebook on a mobile device.
The report is based on a similar IP investigation last December that revealed for the first time that reputable Android applications were sending data to Facebook without the consent of a user and without proper disclosure. It also highlights that this problem is universal in both iOS and Android; Last month, The Wall Street Journal revealed that this same set of developer tools that scrape the data when you use a mobile application and send it to Facebook are used in iPhone applications, despite the rules of much stricter Apple privacy.
"This is hugely problematic, not only for privacy, but also for competition." The data that applications send to Facebook often includes information such as the fact that a specific application, such as a Muslim prayer application, was opened or closed, "reads the PI report, published today. "This sounds pretty basic, but it really is not." Since the data is sent with a unique identifier, the user's Google advertising ID, it would be easy to link this data into a profile and paint a detailed picture of the interests , identities and daily routines of someone. "
As privacy of Facebook practices are subject to even greater scrutiny after last year's Cambridge Analytica data privacy scandal, it is highlighting the lesser-known agreements between large companies of advertising and the smaller application manufacturers that use these platforms to reach new users and target existing ones with ads, as revealed by the WSJ last month, a number of leading application makers iOS uses a Facebook analysis tool known as "custom application events" that, in this case, shared confidential data about health d, physical condition and finances with the social network for advertising purposes.
On Android, Facebook has long collected sensitive data from users, such as contact records, call histories, SMS data and location data in real time, in order to inform the targeting of their ads and improve features like suggestions from friends. However, the practices have provoked a vocal protest from privacy advocates and concerned users. Facebook is accumulating too much data about their personal lives and behaviors online and offline. After reports on Facebook's use of its location tracking capabilities to capture the company's interns who skip work, he said it would allow Android users the ability to explicitly disable the feature.
In this case, PI is underlining one of Facebook's long-standing indirect data collection policies, one that relies on third-party applications to collect and autonomously send information about the application's use to the network without informing users about the agreement.
"Facebook routinely tracks users, non-users and users who have left their platform through the tools "Facebook developers." Application developers share data with Facebook through Facebook's Software Development Kit (SDK), a set of software development tools that help developers create applications for a specific operating system. " explained PI in the initial report of December 2018. The report found that almost two thirds of the 34 Android applications tested by PI, including major brands such as Spotify and Kayak and all those with between 10 and 500 million installations, sent information to Facebook without informing users or obtaining their express consent.
PI says that several applications they followed the practice after their December report. Similarly, most of the iOS application operators highlighted in the report WSJ also stopped using Facebook's analytics and development tools to collect confidential user data. However, it seems that some applications, such as Yelp and Duolingo, continue to do so. PI says that it is in contact with Duolingo, and the company agreed to suspend the practice, but it is not clear how many applications in the Android or iOS ecosystem may be dodging the privacy policies of Apple and Google users to improve the orientation of Facebook ads. tools
In these situations, Facebook attributes to the creators of applications the responsibility not to break the rules of the platform or to make an incorrect use of its developer tools through the collection of confidential information. The company has also stated that it does not use most of this confidential data and, in some extreme cases, such as credit card numbers and Social Security numbers, it automatically deletes them. But it is not clear why data is collected in the first place and what forms have been used in the past, either by the applications that collect them or by Facebook.
"Applications relay to the Facebook SDK to integrate their product with Facebook services, such as Facebook's sign-in and tracking tools, but Facebook places all responsibility on applications to ensure that the data they send to Facebook has been compiled legally, "reads the PI report. Facebook is not immediately available for comment.