The British company Privacy International revealed on Sunday at 35 Chaos Communication Congress how app developers deliver data to Facebook, even if users are not Facebook users.
The company conducted a study on the subject, with tests on 34 applications Android that have between 10 and 500 million users, and says it is "particularly concerned" about how user data is being "exploited" in the back-end systems of Facebook and Google.
Privacy International found that 23 of the apps tested sent data to Facebook (data that tells the social network that a user opened or closed a specific app along with information about the device, settings language and time zone). The applications also sent the user Google Ad ID, which allows tracking companies to easily match user profiles.
By doing a special treatment in the Kayak travel application, the researchers discovered that they provided Facebook data with every search within the application: search time, departure and arrival city, airport and date, number and category of tickets.
Privacy International pointed out that this behavior was repeated regardless of whether the user had disconnected from Facebook or had no social networking account.
“Facebook offers services analytics and advertising to app developers, which help them get aggregated information about how people engage with their apps, which is a common practice for many companies,” Facebook told Privacy International.
Το Facebook επεσήμανε επίσης την λειτουργία Clear History, που ανακοινώθηκε για πρώτη φορά τον Μάιο κατά τη διάρκεια του σκανδάλου Cambridge Analytica, as a means of handling complaints from Privacy International.
Privacy International also looked at how Facebook's policies compare to the GDPR requirements of Europe and the plan to minimize data.
However, with applications transferring data to Facebook before the user can use the application, Privacy International said there are many questions about whether there is any legal basis for data transfer.
"The fact that the default SDK application automatically transmits data when an application opens and that it released a feature to delay this transmission in July of 2018 (meaning Clear History) raises questions about Facebook's liability to developers as and the company's compliance with data protection, ”Privacy International said.
It is difficult to protect yourself from the kind of data exchange we have described in this survey.
Let's recall that last month, Facebook was once again exposed to users' data when it revealed an error in one of its APIs, exposed private photos of about 6,8 million users.
In October, we passed social network announced that strangers had combined three errors to access token IDs of 30 million accounts.
______________________
- Facebook: we have the social network we deserve
- See how much time you spend on Facebook
- Facebook download the videos you care about
