There are mobile applications that steal personal data.
These are some of the most popular applications.
Specifically, these are TripAdvisor, Kayak, Skyscanner, and MyFitnessPal, they transmit certain data on Facebook without the consent of users.
This is likely to violate the European Union’s new Personal Data Protection Regulation (GDPR).
This is according to a survey by Privacy International, which, according to the Financial Times, studied 34 popular mobile apps with built-in Facebook connectivity. Researchers have found that at least 20 of them send data to Facebook within the first second they are activated on a device before users are even asked if they approve of it.
What’s up
The information that is automatically sent to Facebook includes the name of the application, the unique “identity” of the user on Google, and how many times the application has been opened and closed since the user “downloaded” it on his smartphone or tablet.
Some applications, such as Kayak Travel, then send additional information to Facebook, e.g. for flight searches by the user, the dates of his travels, if he has children traveling with him, and to which destinations he goes.
The new EU GDPR requires that explicit consent be obtained from users before such personal information is collected. In the event of a breach by a company, the fines can reach 4% of turnover or € 20 million (whichever is higher).
Privacy International researchers point out that several of the applications they put under the “microscope” are free, so they make money in other ways, apparently by providing data to third parties and allowing ads to be displayed.
According to researcher Fredericke Calthoiner, the responsibility for complying with the application with European personal data regulations belongs to the developer who develops it, but also to Facebook, whose software, when integrated into an application, is configured to collect and sends the data as soon as an application is opened.
That is why some app creators have already protested on Facebook, complaining that they are unable to comply with the new European legislation.
Facebook, for its part, claims to have fixed the problem so that apps don’t share user data with it as soon as they open, and urged app creators to “download” software upgrades and integrate it into apps. in order for the user to be asked before the application automatically, once opened, communicates with Facebook computers.
However, it is not clear whether the problem has been resolved.
“Six months after the release of the upgrade from Facebook, we still see very few indications that application developers are implementing it. Of all the apps we tested, 67.7% automatically upload data to Facebook as soon as the app launches, ”says Privacy International.
Deactivation
A Facebook spokesman, throwing the “ball” at app developers, said that if they wanted to, they could turn off automatic data collection and shipping, but many continue to use the older version of the relevant Facebook software built into their apps, with consequently, they do not have the most recent ability to turn off automatic data sending.
Another source of serious concern for Privacy International is the “de-anonymization” of data, that is, the ability for data sent by an application to be “personified” and associated with a specific user, which is prohibited by the GDPR.
Facebook can link an Android device’s “identity” to a user’s “profile” on the social network and thus know whom the data sent by an application from a mobile phone is.
In this way, Facebook is able to enrich the information it has about its users and then take advantage of the wealth of data for its own benefit.
But even if that doesn’t happen, Facebook can still “extract” valuable information by combining data from multiple applications on the same user’s phone.
If e.g. He has also installed Qibla Connect (for Muslim prayer), Period Tracker Clue (for monitoring menstruation), Indeed (for job search), and My Talking Tom (children’s app), then there is an increased chance that the user will be a Muslim woman. mother of a child and without a job.
A recent study by the University of Oxford found that 43% of free apps that can be “downloaded” from Google Play share data with Facebook.
Only Google itself shares more user data.
A Skyscanner spokesman said: “We had no idea that data was being sent to Facebook in this way without the prior consent of our users, which is contrary to our internal regulations for the integration of third-party technologies.
We are investigating how this happened and we will take measures to do everything right now. “
App creators TripAdvisor, Kayak, and MyFitnessPal declined to comment on Privacy International’s allegations.
A Skyscanner spokesman said: “The company has taken all necessary steps to ensure that no data is transferred to users using the application.”
