The British company Privacy International revealed on Sunday at 35 Chaos Communication Congress how app developers deliver data to Facebook, even if users are not Facebook users.
The company conducted a research into the issue, testing 34 Android applications that have between 10 and 500 millions of users, and said it was "very concerned" about how users' data was being "exploited" on its back-end systems. Facebook and Google.
Privacy International found that 23 from the apps tested sent Facebook data (data that tells the social network that a user has opened or closed a specific app along with device information, language settings, and time zone). Apps also sent the user's Google ad's ID, which allows tracking companies to easily match their user profiles.
By doing a special treatment in the Kayak travel application, the researchers discovered that they provided Facebook data with every search within the application: search time, departure and arrival city, airport and date, number and category of tickets.
Privacy International pointed out that this behavior was repeated regardless of whether the user had disconnected from Facebook or had no social networking account.
"Facebook offers analytics and advertising services to application developers, which help them get centralized information on how people handle their applications, which is a common practice for many companies," Facebook said in a privacy statement. International.
Facebook also highlighted the Clear History feature, first announced in May during the scandal Cambridge Analytica, as a means of handling complaints from Privacy International.
Privacy International also looked at how Facebook's policies compare to the GDPR requirements of Europe and the plan to minimize data.
However, with applications transferring data to Facebook before the user can use the application, Privacy International said there are many questions about whether there is any legal basis for data transfer.
"The fact that the default SDK application automatically transmits data when an application opens and that it released a feature to delay this transmission in July of 2018 (meaning Clear History) raises questions about Facebook's liability to developers as and the company's compliance with data protection, ”Privacy International said.
It is difficult to protect yourself from the kind of data exchange we have described in this survey.
Let's recall that last month, Facebook was once again exposed to users' data when it revealed an error in one of its APIs, exposed private photos of about 6,8 million users.
In October, we passed social network announced that unknowns had combined three bugs to access million token IDs of 30 token.