Google Android apps send private info of users to Facebook


In a surprising finding, Android apps are reported to be sending private information of users to Facebook servers- even if the user doesn’t have an official Facebook account. The apps which are indulging in such activities include Yelp, Indeed, Spotify, Duolingo, Skyscanner, Kayak and 23 other popular applications which have humongous amounts of downloads of Google Play store.

All this activity was discovered when a London based non-profit research organization named ‘Privacy International’ (PI) investigated a cyber incident in December last year. News is out that all the said apps operating on Apple iOS platforms also indulge in similar behavior.

PI found in its findings that apps such as King James Bible app, two Muslim prayer apps- Qibla Connect and Muslim Pro app were all found sending personal data of their users to the servers of Facebook with or without consent.

After discussing the issue with Mark Zuckerberg’s company, the charity firm is said to have raised the issue with the European Data Protection Board and the European Data Protection Supervisor.

After a brief investigation, the data watchdog is said to have found the exact cause for such discrepancy. It was found that the data was being forwarded to Facebook servers as most of the apps had the Facebook’s Software Development Kit (SDK) code embedded in their respective apps.

SDK is a business product of the social media giant which helps in knowing the online pulse of apps users by various means. Thus, the tool allows personal data transmission on an automated note when an app is opened.

In general, all such data collection tools were to be operated by app developers after they get the consent of the users. But in reality, the apps were collecting all sensitive info of the users such as name, location,  interests, daily routines, email address, and phone number and were seen sending such critical info to the server farms of Facebook.

Under the GDPR legislation, all apps should collect data only after their user assigns them the permission to do so. But the London based Charity firm argues that the apps were not acting in the way they have to act when it comes to user privacy.

Language related app Duolingo has reacted to the news and is about to release a security update in next few days which will help in removing Facebook SDK Events Component from the users using its app on Android and iOS platforms.

Yelp is yet to react to the news. But a spokesperson from the firm on the condition of anonymity said that it allegations made by Privacy International were found to be untrue.

Note- The news comes only a day after Mark Zuckerberg announced to the world that his company is intending to merge the services of WhatsApp, Facebook, and Instagram messaging services and will offer them with utmost end-to-end encryption.

Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display