Privacy International, a UK-based registered charity that defends and promotes the right to privacy across the world, recently examined 34 popular Android apps and found that every single one of them was sharing data with Facebook through its software development kit, or SDK.
Now the question is whether users were asked or at least informed about these communications. Well, since Facebook is involved, you probably guessed that the answer is a no. Congratulations, you have guessed right.
It’s actually more shocking than what we’ve become accustomed to in Facebook-related privacy fiascos. At least 20 of these apps, or roughly 60% of them, were found to “automatically transfer data to Facebook the moment a user opens the app,” even if the user is logged out of his Facebook account or doesn’t even have a Facebook account to begin with, researchers claim.
Some of the shared data is harmless, a mere notification of when a user starts using the app. But the research showed that these apps also shared a unique identifier, known as the Google advertising ID. “If combined, data from different apps can paint a fine-grained and intimate picture of people’s activities, interests, behaviors and routines, some of which can reveal special category data, including information about people’s health or religion,” Privacy International claimed.
Such behavior clearly goes against the EU’s General Data Protection Regulation. And while the responsibility to disable it falls on the developers themselves, Facebook’s SDK failed to provide the option of disabling it until consent is given by the user.
In fact, several developers had already raised the issue with the social networking giant, using bug reports to inform Facebook that they are unable to comply with GDPR because of this omission.
Several complaints later, Facebook had announced that it had fixed the issue, asking that developers upgrade their SDKs to be able to use the option. But the bug reports keep coming, casting doubt over the fix.