Following its December report, Privacy International discovers that seven major Android apps, including Yelp and Duolingo, still send personal data to Facebook when it launches.


Large Android mobile applications from companies such as Yelp and Duolingo send data that could be used to personally identify you and allow direct tracking of ads directly to Facebook upon login, according to a new report released by the UK Protection and Protection Group. privacy protection Privacy International (PI). ). This data transfer takes place even if a user is not connected to Facebook on this device and even if he does not have an active Facebook account.

In addition to Yelp and Duolingo, PI discovered that two Muslim prayer apps, as well as a Bible app and a job search application called Indeed, were also sending data similar to Facebook, which could be used to help identify users for the purposes of targeting ads when they are browsing. the social network. The type of data sent in this case is not clear, other than the fact that a user has opened the application at a given time, but the PI report indicates that this transmission may also reveal personalized identifiers allowing Facebook to follow this user on his network of services. and when this person opens Facebook on a mobile device.

The report is based on a similar survey conducted by PI last December which revealed for the first time that big name Android apps were sending data to Facebook without the user's consent and without proper disclosure. He also points out that this problem is universal on iOS and Android. last month, The Wall Street Journal revealed that these same development tools that extract data when you use a mobile app and send them to Facebook are used on iPhone apps, despite Apple's much stricter privacy policies.

"This poses a lot of problems, not only for privacy, but also for competition. The data that the applications send to Facebook usually include information such as the fact that a specific application, such as a prayer app for Muslims, has been opened or closed, "reads in the PI report, published more early in the day. "It sounds pretty basic, but it really is not. Since the data is sent with a unique identifier, the Google advertising identity, it would be easy to link them into a profile and to paint a detailed picture of a person's interests, identities, and daily routines. "

While Facebook's privacy practices are being further scrutinized following the Cambridge Analytica data privacy scandal last year, lesser-known deals between major advertising agencies and Smaller application makers using these platforms are put in the spotlight. target existing ones with ads. As revealed by the WSJ Last month, a number of leading iOS app makers used a Facebook analytics tool called "custom app events." In this case, he shared sensitive health, fitness, and financial data with the social network for advertising targeting purposes.

On Android, Facebook has for a long time been collecting sensitive user data such as contact logs, call history, SMS data and real-time location data, in order to inform the targeting of its users. announcements and enhance features such as friend suggestions. Yet these practices have caused widespread public outcry among privacy advocates and users. Facebook collects far too much data about their personal lives and their online and offline behaviors. Following reports on Facebook using its localization capabilities to prevent company interns from jumping jobs, he said that this would allow Android users to explicitly disable this feature.

In this case, PI highlights one of Facebook's long-standing indirect data collection strategies, which relies on third-party applications to collect and autonomously send information about the use of the applications on the social network without informing users users of the arrangement.

Application makers send user information directly to Facebook, often without consent or disclosure.

"Facebook regularly tracks users, non-users and disconnected users outside of its platform via Facebook's business tools. Application developers share data with Facebook via the Facebook Software Development Kit (SDK), a set of software development tools that help them create applications for a specific operating system. PI said in its initial report of December 2018. The report found that nearly two-thirds of the 34 Android apps tested by PI, including big names such as Spotify and Kayak, all counted between 10 and 500 million. facilities, sent information to Facebook without informing users or obtaining their express consent.

PI says that a number of applications have stopped the practice after its December report. Likewise, most operators of iOS apps highlighted in the WSJ Report has also stopped using Facebook's analysis and development tools to collect sensitive user data. However, it seems that some applications, such as Yelp and Duolingo, continue to do so. PI claims to be in contact with Duolingo and the company has agreed to suspend this practice, but it is unclear how many applications from the Android or iOS ecosystem could bypass the data collection and privacy rules of the Apple and Google users to improve the targeting of ads on Facebook. tools.

In these situations, Facebook is responsible for the creators of the apps not to break the rules of the platform or to misuse its development tools by collecting sensitive information. The company also claimed not to use most of this sensitive data and in some extreme cases, such as credit card and social security numbers, automatically deletes them. But we do not understand why the data is collected and how it was used in the past, whether by the applications that collect it or by Facebook.

"Apps are relying on Facebook's SDK to integrate their product with Facebook's services, such as Facebook's login and tracking tools." However, Facebook attributes any responsibility to the apps to ensure that the data they send to Facebook has been collected legally, "reads the report of PI. Facebook is not immediately available for comment.