Apps Sending Personal Information to Facebook
Apps Sending Personal Information to Facebook | |
---|---|
Short Title | Apps Revealing Personal Information of Users to Facebook Through Facebook SDK |
Location | Global |
Date | December 2018 |
Solove Harm | Surveillance, Aggregation, Breach of Confidentiality |
Information | Computer Device, Location, Knowledge and Belief, Behavioral, Identifying, Sexual, Medical and Health, Preference |
Threat Actors | Facebook, Apps that use Facebook SDK, Bible+, Curvy, ForDiabetes, Grindr, Kwitt, Migraine Buddy, Moodpath, Muslim Pro, OkCupid, Pregnancy+ |
Individuals | |
Affected | Users of apps that use Facebook SDK |
High Risk Groups | Medical Patient, Religious Minority, LGBTQ |
Tangible Harms |
Through its SDK, Facebook provides app developers with data about their users, in exchange accessing user information those apps collect, which it then uses for targeted advertising.
Description
Major Android apps like Tinder, Grindr, and Pregnancy+ were found quietly transmitting sensitive user data to Facebook.
This information includes things like religious affiliation, dating profiles, and health care data, as well as IP address of the device that used the app, the type of device, time of use, and a user-specific Advertising ID, which allows Facebook to identify and link third-party app information to the people using those apps. It's being purposefully collected by Facebook through the Software Developer Kit (SDK) that it provides to third-party app developers. And while Facebook doesn't hide this, users of the apps don't usually know about it. Such detalied user tracking can be interpreted as Surveillance.
Through its SDK, Facebook provides app developers with data about their users, including where one clicks, how long they use the app, and their location when their use it.
In exchange, Facebook can access the data those apps collect, which it then uses to target advertising relevant to a user’s interests.
None of the apps transmitting data to Facebook "actively notified users" that they were doing so.Breach of Confidentiality
As long as a user is logged into Facebook on their mobile device at some point (through their phone’s browser or the Facebook app itself), the company cross-references the Advertising ID and can link the third-party app information to a user profile. Aggregation
Apps that transmit personal information to Facebook include Bible+, Curvy, ForDiabetes, Grindr, Kwitt, Migraine Buddy, Moodpath, Muslim Pro, OkCupid, Pregnancy+, and more.