Last month, we told you about a number of Android apps that are automatically sending data to Facebook even if the user is logged out of Facebook, opted out of receiving Facebook cookies, or even if they don’t have a Facebook account at all.
The apps in the report included popular apps like Spotify, Kayak, Yelp, Shazam, Instant Heart Rate, Duolingo, TripAdvisor and The Weather Channel.
Now, a new study has exposed additional apps, in Apple’s iOS App Store this time, that are doing the same thing. And these apps may be sharing their users’ most personal secrets by sending out health data, personal statistics and other sensitive data without permission.
What apps may be sharing your personal secrets with Facebook?
A recent investigation by the Wall Street Journal revealed that at least 11 popular apps are sending personal data to Facebook without members’ knowledge or even when the user doesn’t have a Facebook account. In some cases, the sensitive data is sent to Facebook mere seconds after it is recorded.
The Journal analyzed more than 70 popular apps from Apple’s iOS App Store in categories that are known to handle personal information such as health and finance. According to the tests, at least 11 apps sent potentially sensitive data about their users.
The apps named in the study are mostly services that know your personal stats like age, body weight, blood pressure, menstrual cycles, pregnancy status and other private information. Here are some of the apps named in the Wall Street Journal’s report:
- Instant Heart Rate: HR Monitor: Sent a user’s heart rate to Facebook immediately after it was recorded.
- Flo Period & Ovulation Tracker: Told Facebook when a user was having her period or when she informed the app about an intention to get pregnant.
- Realtor.com: Sent location and price of listings that a user browsed through and tracked which ones were favorited.
- Breethe Inc: Sent Facebook the users’ email addresses and the full name of each meditation session completed.
- BetterMe: Shared users’ weights and heights as soon as they were entered on the app.
Apparently, users of these apps have no way of stopping this information from being sent to Facebook, short of uninstalling the apps themselves.
How are apps able to share health data with Facebook?
As is the case with the other apps that were revealed to be sharing information with Facebook automatically, the instant transmission of data is linked with Facebook’s pre-built software development kit (SDK).
Pre-built SDKs are used by developers to help them quickly build apps for specific operating systems. Normally, most of the data that is automatically transmitted to Facebook merely reveals that a user has started using the specific app and for how long.
However, by monitoring the communications transmitted by the apps in the study, the Journal, with the help of software privacy firm Disconnect, discovered that at least six of the top 15 health and fitness apps are sharing personal information with Facebook, beyond what is required.
‘App Events’ allow developers to track you
According to the Journal, Facebook’s SDK has an analytics service called “App Events” that allows app developers to track trends among their users.
Developers can program the SDK to record specific standard actions taken by their app users and in some cases, even define “custom app events” to send to Facebook. This is how the various sensitive data was transmitted to Facebook.
The primary use of this SDK data, of course, is for targeted advertising. It allows advertisers to gather data about a user from different apps, websites and services to create an advertising profile.
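The kind of check the Journal's traffic monitoring implies can be sketched as follows. This is an added example, not code from the Journal, Disconnect or Facebook. The capture format, event layout, placeholder URLs and keyword list are all constructed for illustration and are not the SDK's actual wire format.

```python
import json
from urllib.parse import urlparse

# Hosts treated as third-party analytics collectors (assumption for this example).
THIRD_PARTY_HOSTS = {"graph.facebook.com"}

# Substrings hinting at health, body or contact data (illustrative list, not exhaustive).
SENSITIVE_HINTS = ("heart", "weight", "height", "period", "pregnan", "blood", "email")

# Constructed capture: (request URL, JSON body) pairs as a proxy export might provide.
CAPTURE = [
    ("https://graph.facebook.com/placeholder-path",
     '{"events": [{"name": "app_launch", "params": {"session_seconds": 42}}]}'),
    ("https://graph.facebook.com/placeholder-path",
     '{"events": [{"name": "heart_rate_recorded", "params": {"bpm": 71}}]}'),
    ("https://api.example-app.test/sync",
     '{"events": [{"name": "weight_entered", "params": {"weight_kg": 80}}]}'),
    ("https://graph.facebook.com/placeholder-path",
     '{"events": [{"name": "session_done", "params": {"user_email": "a@example.test"}}]}'),
]

def sensitive_fields(event):
    """Return the event name and parameter keys that match a sensitive hint."""
    names = [event.get("name", "")] + list(event.get("params", {}))
    return sorted(n for n in names if any(h in n.lower() for h in SENSITIVE_HINTS))

def audit(capture):
    """Flag events sent to third-party hosts whose names or keys look sensitive."""
    findings = []
    for url, body in capture:
        host = urlparse(url).hostname
        if host not in THIRD_PARTY_HOSTS:
            continue  # first-party traffic is out of scope for this check
        try:
            events = json.loads(body).get("events", [])
        except (ValueError, AttributeError):
            continue  # skip bodies that are not a JSON object
        for ev in events:
            hits = sensitive_fields(ev)
            if hits:
                findings.append((host, ev.get("name"), hits))
    return findings

if __name__ == "__main__":
    for host, name, hits in audit(CAPTURE):
        print(f"{host}: event {name!r} carries {hits}")
```

An app developer can run the same kind of audit on their own build's traffic before release to confirm that no custom event name or parameter exposes data of the kind Facebook's terms tell developers not to send.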
Facebook says, ‘not our fault’
A spokesperson for Facebook told the Journal that the social media company doesn’t use “custom app event” data for personalized ads and that it automatically deletes any sensitive data it receives.
The company also said that it actually instructs app developers not to send “health, financial information or other categories of sensitive information” and it’s now telling the developers of the apps flagged by the Journal to stop sending such information. Furthermore, if these apps don’t comply, Facebook will take additional action against them.
As usual, Facebook is putting the responsibility on app developers for ensuring that they have the right to collect and share people’s data before transmitting to Facebook.
But the Facebook spokesperson also said that the company is looking into ways to search for apps that are violating its privacy terms and will build more safeguards to prevent it from storing sensitive information that apps might send.
One such safeguard in the pipeline may be the “Clear History” feature that Facebook CEO Mark Zuckerberg said that the company will create after being under fire last year for its data collection practices.
This feature will supposedly allow users to check what information applications and websites have shared with Facebook and delete it. There’s still no timeline for this tool but the company said that it’s still building the tech needed to make it possible.
What’s taking them so long, though? With Facebook’s army of developers and programmers, how hard could it be?
Alternatives to Facebook
Facebook has given us a lot of reasons to ditch it, including that whole ordeal with Cambridge Analytica, third-party apps that leak information, and phishing scams (not by Facebook but using the Facebook name).