Slashdot Mirror


Several Popular Apps Share Data With Facebook Without User Consent (ft.com)

Some of the most popular apps for Android smartphones, including Skyscanner, TripAdvisor and MyFitnessPal, are transmitting data to Facebook without the consent of users in a potential breach of EU regulations. From a report: In a study of 34 popular Android apps, the campaign group Privacy International found that at least 20 of them send certain data to Facebook the second that they are opened on a phone, before users can be asked for permission. Information sent instantly included the app's name, the user's unique ID with Google, and the number of times the app was opened and closed since being downloaded. Some, such as travel site Kayak, later sent detailed information about people's flight searches to Facebook, including travel dates, whether the user had children and which flights and destinations they had searched for. European law on data-sharing changed in May with the introduction of the General Data Protection Regulation, and mobile apps are required to have the explicit consent of users before collecting their personal information.


  1. Better headline by ChoGGi · · Score: 3, Insightful

    Seems a better headline would be more along the lines of: Free apps make their money one way or the other.

  2. They don't care because it's in a EULA by MikeRT · · Score: 4, Insightful

    I think one of the most effective privacy regs we could have would be a law that requires a plain English explanation of what data is sold or transferred to third parties, including wholly-owned subsidiaries that are operating as a separate company (e.g., WhatsApp and Facebook).

    No legalese, something that a person with a GED or high school degree should be able to read like this:

    "Location Data

    While your phone's location services are turned on, we will collect the GPS data related to your movements. We will use that to target you with more appropriate ads, services and products. We sell this data to Facebook, Twitter and Amazon. Other purchasers may be added later to this list."

    If it were spelled out in those terms, a lot more people would notice and care.

    1. Re:They don't care because it's in a EULA by alvinrod · · Score: 4, Insightful

      More people might notice and perhaps understand, but I don't know if they'd care. They'll look at it and conclude that they trust those companies enough that they're not concerned. What they won't understand is that those companies are buying all kinds of other data and aggregating it (and then perhaps selling that aggregated data in turn) such that they have far more information about a person than that person might consider possible.

  3. The more we learn about Facebook... by QuietLagoon · · Score: 4, Insightful

    ... the worse Facebook looks.

  4. Re:The list... by jenningsthecat · · Score: 4, Insightful

    Funny how I don't seem to have any of these installed, or in my library. Maybe minimal app selection hygiene is important if one cares about privacy?

    Agreed. I'm very careful about what apps I install, plus (as you mentioned above) my phone is rooted, and I have AFWall installed. I also turn off both data and WiFi unless I'm explicitly using them.

    Having said that, we shouldn't have to jump through hoops like this to guard our privacy. Privacy should be a basic right, and it should be the default state of all our devices, OS's, and applications / programs. Privacy should NOT be the exclusive province of a) the rich and b) vigilant, technically informed people like us. As at least one other poster has said, corporate privacy violations ought to be against the law, and penalties ought to be severe - TOS be damned. That privacy invasion is not just the norm, but a common business model, is proof of how far civilization has declined. What we now call democracy is simply a bread-and-circuses cover story for the corporatocracy that in fact prevails everywhere.

    --
    'The Economy' is a giant Ponzi scheme whose most pitiable suckers are the youngest among us and the yet-unborn.

  5. Laws with no teeth by Anonymous Coward · · Score: 4, Insightful

    There needs to be penalties.

    If CEOs get some jail time this stuff will stop right now!
    There is no motivation to self police.

    They are like "Ooopsie someone made a mistake" "that's against our policy"
    Meanwhile once the cat is out of the bag it's a done deal.
    And if someone doesn't call them out they will keep on with the butt sniffing.

  6. Re: I doubt anyone really cares by ctilsie242 · · Score: 3, Insightful

    I would say SV people do "get" it. A lot of them know that their products are nightmares when it comes to security. But they don't care. To them, security is a cost center. Even more, if some scenario of every device they have has some major vulnerability, the top brass just short their stock, make the announcement, and all go to the local shipwright for new yachts from the money made from the fallout of the announcement.

    There is absolutely zero incentive for privacy and security in most industry sectors. Especially IoT where an IoT company benefits from devices that can't be upgraded, as customers will happily buy a new 1.0.1 device because their 1.0 device can get them pwned, and it can't be fixed or firmware updated.