Slashdot Mirror


Several Popular Apps Share Data With Facebook Without User Consent (ft.com)

Some of the most popular apps for Android smartphones, including Skyscanner, TripAdvisor and MyFitnessPal, are transmitting data to Facebook without the consent of users in a potential breach of EU regulations. From a report: In a study of 34 popular Android apps, the campaign group Privacy International found that at least 20 of them send certain data to Facebook the second that they are opened on a phone, before users can be asked for permission. Information sent instantly included the app's name, the user's unique ID with Google, and the number of times the app was opened and closed since being downloaded. Some, such as travel site Kayak, later sent detailed information about people's flight searches to Facebook, including travel dates, whether the user had children and which flights and destinations they had searched for. European law on data-sharing changed in May with the introduction of the General Data Protection Regulation, and mobile apps are required to have the explicit consent of users before collecting their personal information.

28 of 146 comments

  1. I doubt anyone really cares by mschaffer · · Score: 4, Interesting

    Once people get over their knee-jerk sense of outrage (if there is any), I doubt anyone will even uninstall these apps from their phones.

    1. Re:I doubt anyone really cares by mrwireless · · Score: 4, Interesting

      Give it time. Over the years people will start to understand how the data driven business model really works. That profiling is not just about personalised ads, but equally about handling you as a risk, which often means denying you opportunities such as jobs or cheap insurance. The real business model of these companies is the continuous background check.

      In a few years the 'data is the new oil' narrative will backfire on Silicon Valley, as the 'data as a pollutant' metaphor will become all too apt. This comparison will then lead us to ask: what is the data version of global warming?

      It's Social Cooling.

    2. Re:I doubt anyone really cares by ShanghaiBill · · Score: 2

      means denying you opportunities such as jobs or cheap insurance.

      You need to look at the other side of the coin. For everyone denied an opportunity, someone else gets one. So if you have good credit, no medical problems, etc., then you should benefit from having your data widely shared.

    3. Re:I doubt anyone really cares by Tailhook · · Score: 2

      I can't figure out why people install all this junk in the first place.

      --
      Maw! Fire up the karma burner!
    4. Re:I doubt anyone really cares by ctilsie242 · · Score: 4, Interesting

      I have already had this happen. A few years ago when I was working for a different employer, I had a friend of mine take a picture of me in a store's humidor. The pictures went on Facebook. Less than a week later, I got a demand from my health insurance company to take a physical with bloodwork or pay smoker's rates.

      Already, location data from apps has been used to spy on Tesla and other firms, tracking where employees are in the building. With tensions getting greater between nations, a person's location can potentially make or break a military initiative.

    5. Re: I doubt anyone really cares by ctilsie242 · · Score: 3, Insightful

      I would say SV people do "get" it. A lot of them know that their products are nightmares when it comes to security. But they don't care. To them, security is a cost center. Even more, if some scenario of every device they have has some major vulnerability, the top brass just short their stock, make the announcement, and all go to the local shipwright for new yachts from the money made from the fallout of the announcement.

      There is absolutely zero incentive for privacy and security in most industry sectors. Especially IoT where an IoT company benefits from devices that can't be upgraded, as customers will happily buy a new 1.0.1 device because their 1.0 device can get them pwned, and it can't be fixed or firmware updates.

    6. Re: I doubt anyone really cares by ShanghaiBill · · Score: 2

      I'm not sure what bizarre world you live in, but everywhere I have lived the number of appropriate weight people far outweighs the clearly out of shape ones.

      I am guessing that you live in an urban area, and not in the rural south or Appalachia. I am also guessing that you don't shop at Walmart.

      More than 60% of Americans are overweight, and more than 30% are obese, with a BMI of 30 or higher.

      The fattest states are Mississippi and West Virginia.

      The skinniest are Hawaii and Colorado.

  2. The list... by Known+Nutter · · Score: 5, Informative

    Calorie Counter - MyFitnessPal
    Duolingo: Learn Languages Free
    Family Locator - GPS Tracker
    Indeed Job Search
    Instant Heart Rate: HR Monitor & Pulse Checker
    KAYAK Flights, Hotels & Cars
    King James Bible (KJV) Free
    Muslim Pro - Prayer Times, Azan, Quran & Qibla
    My Talking Tom / My Talking Hank etc
    Period Tracker Clue: Period & Ovulation Calculator
    Qibla Connect® Find Direction- Prayer, Azan, Quran
    Shazam
    Skyscanner - Cheap Flights, Hotels and Car Rental (Ad Personalisation = Off)
    Skyscanner - Cheap Flights, Hotels and Car Rental (Ad Personalisation = On)
    Spotify Music
    Super-Bright LED Flashlight
    The Weather Channel: Local Forecast & Weather Maps
    TripAdvisor Hotels Flights Restaurants Attractions
    VK (vkontakte)
    Yelp
    Salatuk (Prayer time)

    Bible - Audio, Daily Verse, Study & Offline, Free
    BMI Calculator & Weight Loss Tracker
    Candy Crush Saga
    Clean Master - Antivirus, Cleaner & Booster
    Dropbox
    HP ePrint (No Longer in Google Play Store)
    Opera Browser
    Period Tracker, My Calendar
    Phone Tracker By Number
    Security Master - Antivirus, VPN, AppLock, Booster
    Skater Boy
    Speedtest by Ookla
    WeChat

    --
    Beware of the Leopard.
    1. Re:The list... by Freshly+Exhumed · · Score: 2

      Thanks for the list in simple, easy to read text without the crud. The FT article seems to be paywalled.

      --
      I deny that I have not avoided attaining the opposite of that which I do not want.
    2. Re:The list... by TheGratefulNet · · Score: 2

      security master - LOL!

      we were asked to install wechat at work (for talking to our chinese co-workers; it's a chinese owned company) and when I saw the list of privs it wanted, I refused. I was one of the few who did not install this crap on my phone. now, looks like I made the right call.

      also, a flashlight app?? this shit should be illegal, punishable by real jail time. this crap has got to stop!

      --
      "It is now safe to switch off your computer."
    3. Re:The list... by Mr.+Dollar+Ton · · Score: 3, Interesting

      Funny how I don't seem to have any of these installed, or in my library. Maybe minimal app selection hygiene is important if one cares about privacy?

    4. Re:The list... by jenningsthecat · · Score: 4, Insightful

      Funny how I don't seem to have any of these installed, or in my library. Maybe minimal app selection hygiene is important if one cares about privacy?

      Agreed. I'm very careful about what apps I install, plus (as you mentioned above) my phone is rooted, and I have AFWall installed. I also turn off both data and WiFi unless I'm explicitly using them.

      Having said that, we shouldn't have to jump through hoops like this to guard our privacy. Privacy should be a basic right, and it should be the default state of all our devices, OS's, and applications / programs. Privacy should NOT be the exclusive province of a) the rich and b) vigilant, technically informed people like us. As at least one other poster has said, corporate privacy violations ought to be against the law, and penalties ought to be severe - TOS be damned. That privacy invasion is not just the norm, but a common business model, is proof of how far civilization has declined. What we now call democracy is simply a bread-and-circuses cover story for the corporatocracy that in fact prevails everywhere.

      --
      'The Economy' is a giant Ponzi scheme whose most pitiable suckers are the youngest among us and the yet-unborn.
    5. Re:The list... by drinkypoo · · Score: 2

      Funny how I don't seem to have any of these installed, or in my library. Maybe minimal app selection hygiene is important if one cares about privacy?

      I had HP ePrint installed previously, so I could print to my HP printer. Speedtest is a highly common app. Candy Crush is a respected game series. Duolingo is also highly respected. Most of the rest is just fly by night crap, but all of those are pretty major.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    6. Re:The list... by JaredOfEuropa · · Score: 3, Interesting

      Nice. I use Spotify, Dropbox, Speedtest (useful to test WiFi in rental properties), Shazam... but on iOS. Do those apps running on iPhones also send data to FB?

      --
      If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
    7. Re:The list... by PixetaledPikachu · · Score: 3, Informative

      Calorie Counter - MyFitnessPal
      Duolingo: Learn Languages Free
      Family Locator - GPS Tracker
      Indeed Job Search
      Instant Heart Rate: HR Monitor & Pulse Checker
      KAYAK Flights, Hotels & Cars
      King James Bible (KJV) Free
      Muslim Pro - Prayer Times, Azan, Quran & Qibla
      My Talking Tom / My Talking Hank etc
      Period Tracker Clue: Period & Ovulation Calculator
      Qibla Connect® Find Direction- Prayer, Azan, Quran
      Shazam
      Skyscanner - Cheap Flights, Hotels and Car Rental (Ad Personalisation = Off)
      Skyscanner - Cheap Flights, Hotels and Car Rental (Ad Personalisation = On)
      Spotify Music
      Super-Bright LED Flashlight
      The Weather Channel: Local Forecast & Weather Maps
      TripAdvisor Hotels Flights Restaurants Attractions
      VK (vkontakte)
      Yelp
      Salatuk (Prayer time)

      Bible - Audio, Daily Verse, Study & Offline, Free
      BMI Calculator & Weight Loss Tracker
      Candy Crush Saga
      Clean Master - Antivirus, Cleaner & Booster
      Dropbox
      HP ePrint (No Longer in Google Play Store)
      Opera Browser
      Period Tracker, My Calendar
      Phone Tracker By Number
      Security Master - Antivirus, VPN, AppLock, Booster
      Skater Boy
      Speedtest by Ookla
      WeChat

      According to the article, the list of offending apps stopped at Salatuk. The rest, starting from Bible up to WeChat, do not or no longer share info with Facebook.

    8. Re:The list... by Spamalope · · Score: 2

      Your cut and paste list includes the apps that DO NOT transmit data on startup (everything after the space break). That aside, why is it appropriate for a print driver to send data to FB ever?!?!? (the HP eprint app) Or any of the rest of these, really...

      "We also tested the following apps but they don’t transmit data to graph.facebook.com the moment the app is opened, in the most recent iteration of our analysis (December 2018)"

  3. Better headline by ChoGGi · · Score: 3, Insightful

    Seems a better headline would be more along the lines of: Free apps make their money one way or the other.

  4. They don't care because it's in a EULA by MikeRT · · Score: 4, Insightful

    I think one of the most effective privacy regs we could have would be a law that requires a plain English explanation of what data is sold or transferred to third parties, including wholly-owned subsidiaries that are operating as a separate company (ex WhatsApp and Facebook).

    No legalese, something that a person with a GED or high school degree should be able to read like this:

    "Location Data

    While your phone's location services are turned on, we will collect the GPS data related to your movements. We will use that to target you with more appropriate ads, services and products. We sell this data to Facebook, Twitter and Amazon. Other purchasers may be added later to this list."

    If it were spelled out in those terms, a lot more people would notice and care.

    1. Re:They don't care because it's in a EULA by alvinrod · · Score: 4, Insightful

      More people might notice and perhaps understand, but I don't know if they'd care. They'll look at it and conclude that they trust those companies enough that they're not concerned. What they won't understand is that those companies are buying all kinds of other data and aggregating it (and then perhaps selling that aggregated data in turn) such that they have far more information about a person than that person might consider possible.

    2. Re: They don't care because it's in a EULA by gravewax · · Score: 3, Informative

      GDPR is defined by location AND citizenship, it is most definitely NOT confined to the physical continent of Europe. You can do transactions completely external to Europe that can send your company into a GDPR legal mess.

  5. The more we learn about Facebook... by QuietLagoon · · Score: 4, Insightful

    ... the worse Facebook looks.

    1. Re:The more we learn about Facebook... by QuietLagoon · · Score: 2

      ... so you suddenly became woke. ...

      Not really. I've critiqued facebook for years. It is just recently that the rest of the world seems to have realized what facebook is about.

  6. I can understand... by Anonymous Coward · · Score: 3, Interesting

    the average person not understanding how this stuff works and the dangers therein, but anyone in IT should have declared Facebook, et al. pariahs long ago. I remember years ago when working as an IT security auditor thinking that I would never join "social media". Many people saw this coming, but people simply don't want to hear about it because it's "free". Everyone in IT understands it's not free. You (metaphorically) are paying for it. In more ways than one.

    I value what little privacy is left over, and as an anecdote, I recently left Fastmail over the Access and Assistance bill. I was a paying customer, but no longer.

    The Security Derangement Complex: Technology Companies And Australia’s Anti-Encryption Law

    In the end, I think people will not be able to trust companies. 99% of people will never encrypt their missives or online content before storing them. That's crazy, despite not having anything to hide. That old chestnut people love to trot out saying, "If you have nothing to hide, you have nothing to fear.", is garbage. We all have things to hide or would prefer to remain under wraps.

    I drive a grey car with no bumper stickers. I wear plain shirts. I don't advertise. I pay cash for booze and tobacco, buy certain things face to face, and generally don't put myself out there for the data miners. My browsing is all done as privately as I can make it. More and more companies are selling, unbeknownst to end users, their data to insurance companies, banks, credit companies, and various governments. We are entering an age where everything is going to be transparent. Those who use encryption that is not "backdoored" will stand out brightly. The cold war between clever end users and the powers that be is coming. VPN/VPS traffic is routinely being deep packet inspected (already a thing) in many places. They are not the panacea people think they are. You cannot trust what you do not control. The Australian AA Bill has really nailed this down for me, and as my only paid account save my ISP, I'm thinking about how to address this in a way that works for me going forward with the friends and family I do communicate with on a regular basis. I'm not paranoid, I just see the patterns being matched around the world with control closing in.

  7. Re:Who Cares by Mr.+Dollar+Ton · · Score: 3, Informative

    Nobody cares. On a rooted Android phone with a privacy guard, firewall and a good blocklist, no app can get or send data anyway.

  8. Worthless, paywalled source. by Gojira+Shipi-Taro · · Score: 3, Interesting

    Nothing good ever came from the Financial Times

    --
    "Oh my God. This is terrible. This is the end of my Presidency. I'm fucked." ~ Donald J. Trump
  9. Laws with no teeth by Anonymous Coward · · Score: 4, Insightful

    There needs to be penalties.

    If CEOs get some jail time this stuff will stop right now!
    There is no motivation to self police.

    They are like "Ooopsie someone made a mistake" "that's against our policy"
    Meanwhile once the cat is out of the bag it's a done deal.
    And if someone doesn't call them out they will keep on with the butt sniffing.

  10. Re:My imitation of "app-man" by Known+Nutter · · Score: 2

    All APPS in your APP machine are crAAPy until you re-APP them into new APPS!

    APPS!!

    --
    Beware of the Leopard.
  11. My take by Artem+S.+Tashkinov · · Score: 2

    In this day and age I distrust by default any website which keeps my personal data like name, address, etc. and if I have to use such a website I open a private (incognito) tab in my web browser.