A report in late December revealed that various apps were sending data to Facebook without your knowledge, including popular apps like Spotify, Skyscanner, and Kayak. Some of them have fixed this behavior since then, but others haven’t taken action. That means Facebook still gets information about your app-related activities, even if you don’t have a Facebook account or if you’re signed out. And you can’t really do anything about it.
In an recent report, Privacy International says that several popular apps collect data without your knowledge, and send it to Facebook without consent:
Here’s the bad news: seven apps, including Yelp, the language-learning app Duolingo and the job search app Indeed, as well as the King James Bible app and two Muslim prayer apps, Qibla Connect and Muslim Pro, still send your personal data to Facebook before you can decide whether you want to consent or not. Keep in mind: these are apps with millions of installs.
The report explains that the practice is “hugely problematic,” not only because of privacy concerns, but also for competition:
The data that apps send to Facebook typically includes information such as the fact that a specific app, such as a Muslim prayer app, was opened or closed. This sounds fairly basic, but it really isn’t. Since the data is sent with a unique identifier, a user’s Google advertising ID, it would be easy to link this data into a profile and paint a fine-grained picture of someone’s interests, identities and daily routines. And since so many apps still send this kind of data to Facebook, this could give the company an extraordinary insight into a large share of the app ecosystem. We know how valuable such information is, because documents released by the UK parliament show how Facebook used its Onavo virtual private network (VPN) app to gather usage data on competitors.
Facebook purchased WhatsApp for billions of dollars several years ago after discovering that the messaging app was more popular than its own Messenger app. Onavo helped make that discovery possible.
PI says it has notified all the developers of the apps that still send data to Facebook and raised the issue with the European Data Protection Board and the European Data Protection Supervisor. The organization also contacted Facebook and urged them to change their SDK to prevent data collection without consent. Considering that Facebook is big on privacy all of a sudden, it’ll be interesting to see whether anything changes in the near future.
The report also notes that Google collects data about app usage, as well as other third parties, including advertisers and data brokers. PI also links to an Mobilsicher report that says iOS apps send data to Facebook without consent.
Finally, the report does offer ways to limit data collection and user tracking, but no solution would provide a permanent fix. You’ll have to reset your advertising ID regularly, opt out of ad personalization on Android, and monitor the permissions you give applications, as well as the ways certain apps work on Android, to try to limit data spillage.