Major apps on Google’s Android smartphones are still reportedly sending data to Facebook, even if the user doesn’t have a Facebook account.
It was originally revealed in December that Android apps were sending data to Facebook, and most of the identified apps, including Spotify, Skyscanner, and Kayak, have since been updated to fix the issue.
However, other major Android apps which are also sending data to Facebook have now been discovered.
According to the Verge, which sourced a report from Privacy International, apps like Yelp and Duolingo are sending “data that could be used to personally identify you for ad tracking straight to Facebook immediately upon logging in.”
“This data transfer happens even if a user isn’t logged into Facebook on that device and even in the event the user doesn’t have an active Facebook account at all,” the Verge reported, adding that “two Muslim prayer apps,” a “bible app,” and “a job search app called Indeed” also sent data to Facebook.
In a blog post, Privacy International declared, “This is hugely problematic, not just for privacy, but also for competition. The data that apps send to Facebook typically includes information such as the fact that a specific app, such as a Muslim prayer app, was opened or closed. This sounds fairly basic, but it really isn’t. Since the data is sent with a unique identifier, a user’s Google advertising ID, it would be easy to link this data into a profile and paint a fine-grained picture of someone’s interests, identities and daily routines.”
“And since so many apps still send this kind of data to Facebook, this could give the company an extraordinary insight into a large share of the app ecosystem,” Privacy International explained. “We know how valuable such information is, because documents released by the UK parliament show how Facebook used its Onavo virtual private network (VPN) app to gather usage data on competitors.”
Privacy International allegedly “raised the issue of third-party tracking on apps with the European Data Protection Board and the European Data Protection Supervisor,” and has “written to every single app that still sends too much data to Facebook and asked them to release an update.”
Duolingo reportedly “promised” to “remove the Facebook SDK App Events component from both the Android and iOS apps in the next version releases,” in order to combat the issue.
In March 2018, it was also revealed that Facebook had been collecting user phone call and text data through the official Facebook Android app, and in January, it was reported that Facebook had been paying teenagers to install a VPN which would allow the social network to “suck in all of a user’s phone and web activity.”