About 20 Android Apps Automatically Transferring Users Data To Facebook & What Facebook Said

According to a recent study, Play Store is offering about 20 Android apps which automatically send the private data of users to the social network Facebook while users haven’t had any awareness about it. Once again, the issue of users’ privacy rights has become a hot topic. Among those apps, there are some famous travel apps like TripAdvisor or Kayak, or Indeed, an app that aims to help users search for jobs.

When analyzing 34 Android apps, Privacy International realized that approximately 61% automatically sent data to Mark Zuckerberg’s Facebook right after being initialized. One of such those apps is Facebook Software Development Kit (SDK) which is developed to transfer data to Facebook.

In the report, some kinds of apps such as Kayak would send sensitive data to Facebook including users’ flight search history, ticket number, departure city, arrival city, and much other information. That shows the privacy of users being seriously threatened.

The report revealed that data gathered from the various apps could be combined to uncover all things related to users such as their routines, activities, behaviors, and interests. Even some detailed data like their religion or health was no longer a secret.

The two elementary factors for these apps to send data to Facebook include apps being installed and Facebook SDK being initialized on Android smartphones. Besides, some other data like when users open an app will be transferred to the company and the data would be shared with both Facebook and the Google Advertising ID (AAID).

This situation has shown the violation of privacy guidelines which are set up in many areas like Europe. From May 25^th, 2018, Europe has carried the General Data Protection Regulation (GDPR) and the EU data protection rules into effect. However, there hasn’t been any clarity concerning how the data which these Android apps send to Facebook is used.

In an email sent to Privacy International, Facebook explained that the company had updated an improvement to the SDK in June 2017, about one month later when the GDPR was with effect. And therefore, the Facebook SDK wouldn’t initialize along with these apps and event logging wouldn’t be automatically enabled.