Popular Android apps have been reporting back to Facebook without your consent

Adjust Comment Print

For good measure, the apps also included the user's Google advertising ID just to really hammer home the creepiness.

Privacy International conducted the study and found that at least 61% of apps they tested send this data to Facebook. The data was being shared even before the user was asked for their permission.

Apps on Android smartphones, including music streaming service Spotify and travel site TripAdvisor, were among apps found to be sending data by researchers at campaign group Privacy International.

The data shared sounds pretty innocuous by itself: typically, the apps communicate to Facebook that a user has started using the app by sending a signal that Facebook's SDK has been initialized.

More news: Vatican spokesman Greg Burke resigns suddenly

Facebook and its leadership are coming under intense scrutiny at the moment amid ongoing concern about the tech giant's handling of user data. A prime example is the travel search and price comparison app "KAYAK", which sends detailed information about people's flight searches to Facebook, including: departure city, departure airport, departure date, arrival city, arrival airport, arrival date, number of tickets (including number of children), class of tickets (economy, business or first class).

Read about the saga of Facebook's failures in ensuring privacy for user data, including how it relates to Cambridge Analytica, the GDPR, the Brexit campaign, and the 2016 U.S. presidential election. It found that almost two thirds of apps sent data to Facebook as soon as they were launched - and it made no difference whether a user had a Facebook account, or was logged out of a Facebook account.

A Facebook spokesperson told Yahoo News, 'Facebook's SDK tool means that developers can choose to collect app events automatically, to not collect them at all, or to delay collecting them until consent is obtained, depending on their particular circumstances.

The tested apps were for Android phones only, not iPhones.

More news: Federer wins bragging rights over Serena after first-ever face-off

"If combined, data from different apps can paint a fine-grained and intimate picture of people's activities, interests, behaviors and routines, some of which can reveal special category data, including information about people's health or religion", the report reads. But the developers were initially unable to stop their apps from sharing the "SDK initialized" data with Facebook, simply because the option wasn't there.

The report from Privacy International points out that a person with a Muslim prayer app, period tracker, Indeed and a children's app could be identified as likely a female, Muslim, job-seeking parent - even if they had never identified themselves as any of those things on Facebook.

"It is hard to protect yourself from the kind of data sharing that we have described in this report", Privacy International said. The update also does not even disable the SDK initialization message in question and the apps are still sending data.

More news: Mohamed Salah Sadio Mane Pierre-Emerick Aubameyang shortlisted for CAF award