Note: Updated at 2:38 p.m. ET with data from a new Wall Street Journal report.
App developers are sending data to Facebook in droves, according to a British privacy advocacy group and the Wall Street Journal.
The advocacy group, Privacy International, released a report on Dec. 30 entitled "How Apps on Android Share Data with Facebook (even if you don't have a Facebook account)", detailing the process by which Android apps send user data to Facebook -- for Facebook users and non-users alike.
The group tested 34 Android apps and found that 21 of them, or 61 percent, "automatically transfer data to Facebook the moment a user opens the app." These apps included Duolingo, Kayak, Shazam, Spotify, TripAdvisor and Yelp. The group presented its findings at the 35th Chaos Communications Congress hacker conference in Leipzig, Germany, at the same time it released its report.
And on Friday (Feb. 22), the Wall Street Journal released a report naming "at least 11" iOS apps that share personal information in this manner, including the Flo Period & Ovulation Tracker and Realtor.com. These reportedly include "at least six" of the top 15 health and fitness apps. The Journal tested over 70 of the most popular items in Apple's app store.
The report notes that Facebook software within the iOS apps sends user actions back to Facebook via a "custom app events." These reports include data about the user's device in addition to information from the app. Facebook can often match those data to Facebook users -- but it has your info regardless of whether you have a Facebook profile or not.
There's no way to avoid this kind of data sharing. It doesn't matter whether you're logged into Facebook, or whether you have a Facebook account. The researchers also implied that some iOS apps might do the same.
If you use one of these apps -- and there are doubtless many others that weren't tested -- then Facebook probably knows a couple things about you.
For one, it knows that you're using that app every time you open it. Facebook can also be told when you've installed an app and when you've deactivated it. (If this sounds familiar, Facebook's free Onavo Protect VPN app, which Apple kicked out of the App Store in August, does the same thing.)
But it gets more specific. The travel app Kayak, for example, sends your flight searches to Facebook, including your departure and arrival criteria and the number of tickets you're looking for.
That information is tied to what's called your Google advertising ID (AAID), which Android app advertisers use to consolidate your browsing behavior from different apps and platforms. And, well, those Google ad IDs can be used to track your every movement if you're in the bad habit of leaving your location services turned on. (This sort of thing happens on iOS and Android devices alike.)
While it's possible to blame app developers for this blatant privacy violation, the report notes that by default, any Android app that uses Facebook's Android software development kit (SDK) will automatically transfer data to Facebook, and that for a time, developers couldn't turn off the functionality entirely. A similar Facebook SDK for iOS apps is also widely used.
To be fair, many other online-advertising companies, including Google, collect similar data from mobile apps. But this is yet further down the privacy rabbit hole that Facebook has been digging itself into over the past year.
We've been discussing the platform's questionable user-data usage as a downside to having a Facebook account for months. However, it seems that the problem is worse than we thought: You can't escape Facebook, even if you delete your account.
Here's a list of the apps named by each report, and examples of the information they share with Facebook. We will add to this list as more information becomes available.
Wall Street Journal:
- Flo Period & Ovulation Tracker - Ovulation cycles, intention to get pregnant
- Instant Heart Rate: HR Monitor - Heart rates
- Realtor.com - Location and price of viewed listings, favorites
- BetterMe: Weight Loss Workouts - Heights, weights
- Breethe Inc. - Email addresses, meditations completed
- MyFitnessPal - App usage
- Duolingo - Settings, session times
- Family Locator - App usage
- Indeed - Job search requests
- Kayak - Search timestamps, departure city/airport/date, arrival city/airport/date, number of tickets, class of tickets
- King James Bible - Searches, app usage
- Muslim Pro - Settings, app usage
- My Talking Tom - App usage
- Period Tracker Clue: Period & Ovulation Calculator - App usage
- Qibla Connect - App usage
- Shazam - Settings, streaming services
- Skyscanner - Departure and arrival city/airport, search time, flight dates, number of tickets, class of tickets
- Spotify - App usage
- Super-Bright LED Flashlight - Session time, settings
- The Weather Channel - App usage
- TripAdvisor - App usage
- VK - App usage
- Yelp - App usage
- Salatuk - App usage