Facebook's track record with privacy is a rocky one, but the idea of giving up some personal information is seen by many users as an acceptable price to pay to use the social network. But a survey by Privacy International has found that many Android apps share data with Facebook about people, regardless of whether they are logged into their Facebook account … or even have a Facebook account at all.
The results of the survey raise questions about Facebook's openness in handling user data (and non-user's) data and privacy implications of profiling the social network, especially followed by the Cambridge Analytica scandal.
The Privacy Group tested a total of 34 popular Android apps between August and December 201
Summary of Findings, says Privacy International:
- We found that at least 61 percent of the apps we tested automatically transfer data to Facebook the moment a user opens the app . This happens if people have a Facebook account or not, or they are signed in to Facebook or not.
- Usually, the data being transferred is automatically event data communicating to Facebook that the Facebook SDK has been initialized by transferring data such as "App Installed" and "SDK Initialized". This data shows that a user uses a specific app each time the user opens an app.
- In our analysis, apps that automatically transfer data to Facebook share this data with a unique identifier, Google Advertising ID (AAID). The primary purpose of advertising IDs, such as the Google Advertising ID (or Apple's equivalent, IDFA), is that advertisers can link user behavior data from different apps and browsers into a comprehensive profile. If combined, data from different programs can paint a nice and intimate image of people's activities, interests, behaviors and practices, some of which can reveal specific category data, including information on people's health or religion. For example, a person who has installed the following apps that we have tested, "Qibla Connect" (a Muslim prayer app), "Period Tracker Clue" (a time tracking), "Indeed" ("My Talking Tom"), can potentially profiled as likely female, likely Muslim, likely job seeker, likely parent.
- If combined Event data such as "App installed", "SDK Initialized" and "Disable app" from different applications also provides a detailed insight into the usage behavior of the app to hundreds of millions of people.
- We also found that some apps routinely send Facebook data that is incredibly detailed and sometimes sensitive. This again applies to data from people who are either logged out of Facebook or who do not have a Facebook account. A good example is travel search and price comparison app "KAYAK", which sends detailed information about people's flight search to Facebook, including: departure city, departure airport, departure date, arrival city, arrival airport, arrival date, number of tickets (including number of children), class of tickets (economy, business or first class).
What is perhaps most worrying is that it is not possible to tell how Facebook uses the data collected in this rather strange way.
You can check out the entire report – entitled How Apps on Android Share Data with Facebook (even if you don't have a Facebook account) – on the Privacy International Website.
Caption: CHAINFOTO24 / Shutterstock