Several Popular Apps Share Data With Facebook Without User Consent (ft.com) 146
Some of the most popular apps for Android smartphones, including Skyscanner, TripAdvisor and MyFitnessPal, are transmitting data to Facebook without the consent of users in a potential breach of EU regulations. From a report: In a study of 34 popular Android apps, the campaign group Privacy International found that at least 20 of them send certain data to Facebook the second that they are opened on a phone, before users can be asked for permission. Information sent instantly included the app's name, the user's unique ID with Google, and the number of times the app was opened and closed since being downloaded. Some, such as travel site Kayak, later sent detailed information about people's flight searches to Facebook, including travel dates, whether the user had children and which flights and destinations they had searched for. European law on data-sharing changed in May with the introduction of General Data Protection Regulation and mobile apps are required to have the explicit consent of users before collecting their personal information.
I doubt anyone really cares (Score:5, Interesting)
Re:I doubt anyone really cares (Score:5, Interesting)
Give it time. Over the years people will start to understand how the data driven business model really works. That profiling is not just about personalised ads, but equally about handling you as a risk, which often means denying you opportunities such as jobs or cheap insurance. The real businessmodel of these companies is the continuous background check.
In a few years the 'data is the new oil' narative will backfire on Silicon Valley, as the 'data as a pollutant' metaphor will become all to apt. This comparison will then lead us to ask: what is the data version of global warming?
It's Social Cooling [socialcooling.com].
Re: I doubt anyone really cares (Score:1)
Oh, those poor companies.
Do you really want to blame the consumer / the masses?
When a company prays on weaknesses such as FOMO & loneliness, such as the dopamine hits of "views" and "likes", such as influencing the flow of information such as political ads while at the same time having large lobbying budgets... Do you really want to blame each individual consumer?
Re: I doubt anyone really cares (Score:1)
What does petitioning God have to do with your comment?
Re: (Score:3)
means denying you opportunities such as jobs or cheap insurance.
You need to look at the other side of the coin. For everyone denied an opportunity, someone else gets one. So if you have good credit, no medical problems, etc., then you should benefit from having your data widely shared.
Re: I doubt anyone really cares (Score:1)
Until the Bastille is stormed, absolutely.
Re: I doubt anyone really cares (Score:2)
Re: (Score:2)
You're assuming you won't be wrongly singled out. Basically you're standing on Darwin's door mat screaming "take me! Take me!"
Re: (Score:2)
How can you be sure the stuff stored on you is accurate?
It is still a wash. For everyone hurt, someone else is helped.
It is trivial to fuck someone over with their credit score if you don't like them by creating a dummy offshore organization, and then sending reports to Equfax, Experion, and Transunion about debts not paid
This has absolutely nothing to do with "apps" sharing data. Credit agencies have been around for decades. False information there can be a problem, but that has nothing to do with TFA.
Also, the credit agencies don't accept information from "dummy offshore organizations", and it is not at all "trivial" to submit information to be included in someone's report.
Re: I doubt anyone really cares (Score:2)
Re: I doubt anyone really cares (Score:2)
Re: (Score:3)
I'm not sure what bizarre world you live in, but everywhere I have lived the number of appropriate weight people far outweighs the clearly out of shape ones.
I am guessing that you live in a urban area, and not in the rural south or Appalachia. I am also guessing that you don't shop at Walmart.
More than 60% of Americans are overweight, and more than 30% are obese, with a BMI of 30 or higher.
The fattest states are Mississippi and West Virginia.
The skinniest are Hawaii and Colorado.
Re: I doubt anyone really cares (Score:2)
Re: I doubt anyone really cares (Score:4, Insightful)
I would say SV people do "get" it. A lot of them know that their products are nightmares when it comes to security. But they don't care. To them, security is a cost center. Even more, if some scenario of every device they have has some major vulnerability, the top brass just short their stock, make the announcement, and all go to the local shipwright for new yachts from the money made from the fallout of the announcement.
There is absolutely zero incentive for privacy and security in most industry sectors. Especially IoT where an IoT company benefits from devices that can't be upgraded, as customers will happily buy a new 1.0.1 device because their 1.0 device can get them pwned, and it can't be fixed or firmware updates.
Re: (Score:2)
Re: I doubt anyone really cares (Score:1)
The thing is, with the GDPR you must give the user the option to use the service without data sharing if it is feasible to do so. And that must be the default setting. Also, the data must be stored within the EU and each third party the data is shared with must appear where you agree. If you add a new party, there must be new consent. You also need the name of the contact in EU responsible for the data (to easily sue him/her).
Re:I doubt anyone really cares (Score:5, Interesting)
I have already this happen. A few years ago when I was working for a different employer, I had a friend of mine take a picture of me in a store's humidor. The pictures went on Facebook. Less than a week later, I got a demand from my health insurance company to take a physical with bloodwork or pay smoker's rates.
Already, location data from apps has been uses to spy on Tesla and other firms, tracking where employees are in the building. With tensions getting greater between nations, a person's location can potentially make or break a military initiative.
Good point. (Score:2)
Comment removed (Score:5, Insightful)
Re: They don't care because it's in a EULA (Score:4, Informative)
Re:They don't care because it's in a EULA (Score:5, Insightful)
Re: (Score:2)
If it were spelled out in those terms, a lot more people would notice and care.
Sure.
This app, Facebook, collects absolute NO DATA WHATSOEVER on you, your phone, your car, or your bank account.
Minor note in <tiny print>: This legally binding notice might be ever-so-slightly changed or updated when you're not actively looking at this legal text. See: Reversible Schrodinger's cat. Be Seeing You!
Re: They don't care because it's in a EULA (Score:2)
Re: (Score:2)
This has been the case for a long time. At least you can deny permissions on Android, or on a rooted Android device, use a utility like XPrivacyLua to allow nosy apps to go slurping all the data they want, as it is fed to it from /dev/urandom.
Before this, it was commonplace for even a basic fleshlight app to require every permission under the sun, even ACCESS_SUPERUSER, and with Android's all or nothing permission approach, most people just allowed the app to install and start slurping data to its hearts c
Re: Want to bet?! (Score:2)
Re: (Score:3)
I can't figure out why people install all this junk in the first place.
Re: (Score:1)
It's not that they don't care. It's that they don't know except in general terms. I'm fairly out of touch... with Main Stream News. I live in my own bubble (fav sites, fave news, on demand streams).
Over the last couple of days (as I do on occasion), I venture into the ad-crazed world of TV media. Except for the usual sports, local highlights, brain-warping political onslaught... nothing on Facebook. Zilch! Not on Free TV, not on Free Radio. It's like I stepped back 20 years.
This news might be big on some te
Re: (Score:2)
I'm planning a trip, and I was going to install Kayak to see how well that works... well, now I'm not going to use Kayak as a result of this.
*shrug* They won't notice because I'll never be part of their analytics (unless Google ends up shipping them a list of what apps I have installed on my phone, then they'll be able to see which airline(s) I use).
Re:Who Cares (Score:4, Informative)
Nobody cares. On a rooted Android phone with a privacy guard, firewall and a good blocklist, no app can get or send data anyway.
Re: (Score:2)
On a rooted Android phone with a privacy guard, firewall and a good blocklist, no app can get or send data anyway.
Note that as long as your phone is talking to cell towers, your location is being catalogued, and those catalogues are being shared/sold.
Re: (Score:2)
This is true of any cellphone, and has nothing to do with Android or Google.
wow (Score:2)
wow no way gasp i'm super surprised oh my stars garters amen
The list... (Score:5, Informative)
Calorie Counter - MyFitnessPal
Duolingo: Learn Languages Free
Family Locator - GPS Tracker
Indeed Job Search
Instant Heart Rate: HR Monitor & Pulse Checker
KAYAK Flights, Hotels & Cars
King James Bible (KJV) Free
Muslim Pro - Prayer Times, Azan, Quran & Qibla
My Talking Tom / My Talking Hank etc
Period Tracker Clue: Period & Ovulation Calculator
Qibla Connect® Find Direction- Prayer, Azan, Quran
Shazam
Skyscanner - Cheap Flights, Hotels and Car Rental (Ad Personalisation = Off)
Skyscanner - Cheap Flights, Hotels and Car Rental (Ad Personalisation = On)
Spotify Music
Super-Bright LED Flashlight
The Weather Channel: Local Forecast & Weather Maps
TripAdvisor Hotels Flights Restaurants Attractions
VK (vkontakte)
Yelp
Salatuk (Prayer time)
Bible - Audio, Daily Verse, Study & Offline, Free
BMI Calculator & Weight Loss Tracker
Candy Crush Saga
Clean Master - Antivirus, Cleaner & Booster
Dropbox
HP ePrint (No Longer in Google Play Store)
Opera Browser
Period Tracker, My Calendar
Phone Tracker By Number
Security Master - Antivirus, VPN, AppLock, Booster
Skater Boy
Speedtest by Ookla
WeChat
Re: (Score:3)
Thanks for the list in simple, easy to read text without the crud. The FT article seems to be paywalled.
Re: (Score:3)
security master - LOL!
we were asked to install wechat at work (for talking to our chinese co-workers; its a chinese owned company) and when I saw the list of privs it wanted, I refused. I was one of the few who did not install this crap on my phone. now, looks like I made the right call.
also, a flashlight app?? this shit should be illegal, punishable by real jail time. this crap has got to stop!
Re: (Score:2)
Re:The list... (Score:4, Interesting)
Funny how I don't seem have any of these installed, or in my library. Maybe minimal app selection hygiene is important if one cares about privacy?
Re:The list... (Score:5, Insightful)
Funny how I don't seem have any of these installed, or in my library. Maybe minimal app selection hygiene is important if one cares about privacy?
Agreed. I'm very careful about what apps I install, plus, (as you mentioned above) My phone is rooted, and I have AFWall installed. I also turn off both data and WiFi unless I'm explicitly using them.
Having said that, we shouldn't have to jump through hoops like this to guard our privacy. Privacy should be a basic right, and it should be the default state of all our devices, OS's, and applications / programs. Privacy should NOT be the exclusive province of a) the rich and b) vigilant, technically informed people like us. As at least one other poster has said, corporate privacy violations ought to be against the law, and penalties ought to be severe - TOS be damned. That privacy invasion is not just the norm, but a common business model, is proof of how far civilization has declined. What we now call democracy is simply a bread-and-circuses cover story for the corporatocracy that in fact prevails everywhere.
Re: (Score:2)
Legislation is the outcome of political pressure.
In the absence of a public political mechanism to consider the risks in advance, enough people have to be on the receiving end of the problem so that their costs are high enough for them to be willing to do work to create such pressure. Usually that happens long after an industry is established, and has moved into profitable and arrogant mode of operations, where it can comfortably allocate resources for lobbying against public effort.
So, you may need to wait
Re: (Score:3)
Funny how I don't seem have any of these installed, or in my library. Maybe minimal app selection hygiene is important if one cares about privacy?
I had HP ePrint installed previously, so I could print to my HP printer. Speedtest is a highly common app. Candy Crush is a respected game series. Duolingo is also highly respected. Most of the rest is just fly by night crap, but all of those are pretty major.
Re: (Score:2)
Candy Crush is a respected game series.
Candy Crush is a product of Zynga.
Re: (Score:2)
speedtest? really? fuck you ookla.
Speedtest has been malware for a number of years now.
Re:The list... (Score:4, Interesting)
Re: (Score:2)
Re:The list... (Score:4, Informative)
Calorie Counter - MyFitnessPal Duolingo: Learn Languages Free Family Locator - GPS Tracker Indeed Job Search Instant Heart Rate: HR Monitor & Pulse Checker KAYAK Flights, Hotels & Cars King James Bible (KJV) Free Muslim Pro - Prayer Times, Azan, Quran & Qibla My Talking Tom / My Talking Hank etc Period Tracker Clue: Period & Ovulation Calculator Qibla Connect® Find Direction- Prayer, Azan, Quran Shazam Skyscanner - Cheap Flights, Hotels and Car Rental (Ad Personalisation = Off) Skyscanner - Cheap Flights, Hotels and Car Rental (Ad Personalisation = On) Spotify Music Super-Bright LED Flashlight The Weather Channel: Local Forecast & Weather Maps TripAdvisor Hotels Flights Restaurants Attractions VK (vkontakte) Yelp Salatuk (Prayer time)
Bible - Audio, Daily Verse, Study & Offline, Free BMI Calculator & Weight Loss Tracker Candy Crush Saga Clean Master - Antivirus, Cleaner & Booster Dropbox HP ePrint (No Longer in Google Play Store) Opera Browser Period Tracker, My Calendar Phone Tracker By Number Security Master - Antivirus, VPN, AppLock, Booster Skater Boy Speedtest by Ookla WeChat
According to the article, the list of offending apps stopped at Salatuk. The rest, starting from Bible up to wechat do not or no longer share infos to facebook
Re: (Score:3)
"We also tested the following apps but they don’t transmit data to graph.facebook.com the moment the app is opened, in the most recent iteration of our analysis (December 2018)"
People should be installing (Score:2)
firewalls on their android devices to block outgoing connections (especially to bookface)
NetGuard, AFWall+ (requires root)...
Re: (Score:2)
You do realize most of these apps are using basic OS functionality - the Linux ip filtering and the VPN stack - to manage connections, right, nerd?
Better headline (Score:4, Insightful)
Seems a better headline would be more along the lines of: Free apps make their money one way or the other.
Future contributors to EU government coffers? (Score:2)
Hopefully they will be fined large amounts of money and Facebook as well for accepting the data...
The more we learn about Facebook... (Score:5, Insightful)
Re: (Score:3)
... so you suddenly became woke. ...
Not really. I've critiqued facebook for years. It is just recently that the rest of the world seems to have realized what facebook is about.
I can understand... (Score:3, Interesting)
the average person not understanding how this stuff works and the dangers therein, but anyone in IT should have declared Facebook, et al. pariahs long ago. I remember years ago when working as an IT security auditor thinking that I would never join "social media". Many people saw this coming, but people simply don't want to hear about it because it's "free". Everyone in IT understands it's not free. You (metaphorically) are paying for it. In more ways than one.
I value what little privacy is left over, and as an anecdote, I recently left Fastmail over the Access and Assistance bill. I was a paying customer, but no longer.
The Security Derangement Complex: Technology Companies And Australia’s Anti-Encryption Law [orientalreview.org]
In the end, I think people will not be able to trust companies. 99% of people will never encrypt their missives or online content before storing them. That's crazy, despite not having anything to hide. That old chestnut people love to trot out saying, "If you have nothing to hide, you have nothing to fear.", is garbage. We all have things to hide or would prefer to remain under wraps.
I drive a grey car with no bumper stickers. I wear plain shirts. I don't advertise. I pay cash for booze and tobacco, buy certain things face to face, and generally don't put myself out there for the data miners. My browsing is all done as privately as I can make it. More and more companies are selling, unbeknownst to end users, their data to insurance companies, banks, credit companies, and various governments. We are entering an age where everything is going to be transparent. Those who use encryption that is not "backdoored" will stand out brightly. The cold war between clever end users and the powers that be is coming. VPN/VPS traffic is routinely being deep packet inspected (already a thing) in many places. They are not the panacea people think they are. You cannot trust what you do not control. The Australian AA Bill has really nailed this down for me, and as my only paid account save my ISP, I'm thinking about how to address this in a way that works for me going forward with the friends and family I do communicate with on a regular basis. I'm not paranoid, I just see the patterns being matched around the world with control closing in.
This is probably only scratching the surface (Score:2)
The smart way to do it would be to have your app send the info to you, then you send it to Facebook directly. That way there's no way for the user to detect that you're sharing data with Facebook. I wouldn't at all be surprised if thi
Re: (Score:2)
What law are you referring to?
Re: (Score:2)
The price of the phone doesn't matter at all. You can have a great Android device with super-tight privacy almost for free if you learn how to do it. It doesn't even take a lot of work, just a bit of reading and following a few basic steps.
Sadly, this seems too much work for the average slashdot "nerd" of year 2018.
Re: (Score:2)
The average person is not particularly technically literate, and is happy to presume that there isn't a problem for them.
Mostly, they are right, in the same way that driving without signalling or wearing a seatbelt or putting the headlights on in the rain is mostly ok.
Re: (Score:2)
My comment is a response to the baseless OP argument that paying more money is the same thing as caring for your privacy.
However, there is no need for "technical literacy", just for an average ability to read and follow instructions. The hard technical work has been done and is wrapped in convenient apps that are either free, or cost less than 4-5 bucks.
Worthless, paywalled source. (Score:3, Interesting)
Nothing good ever came from the Financial Times
Re: (Score:1)
Since you clearly aren't prepared to pay, how do you know?
Laws with no teeth (Score:4, Insightful)
There needs to be penalties.
If CEO's get some jail time this stuff will stop right now!
There is no motivation to self police.
They are like "Ooopsie someone made a mistake" "thats against our policy"
Meanwhile once the cat is out of the bag it's a done deal.
And if someone doesn't call them out they will keep on with the butt sniffing.
Re: (Score:2)
Re: (Score:2)
Does your phone listen to your conversations? (Score:2)
I've seen numerous sites "debunk" the idea that your phone listens to your conversations and sends data to advertisers. The problem with every one of them is that they were analyzing the behavior of specific applications, typically the Facebook app. Because Facebook gets data from other application vendors, none of those tests were meaningful.
Does your phone listen to your conversations? Probably. Could be your laptop/desktop computer, too.
Re: (Score:2)
Does your phone listen to your conversations? Probably.
I certainly hope so given wiretapping is a criminal felony offense it would be amazing to pursuit charges and see slime rounded up and carted off to jail.
My imitation of "app-man" (Score:2)
Only crAPPy crAPPS can crAPP all over your privacy.
Re: (Score:3)
APPS!!
My take (Score:3)
I'm shocked! (Score:2)
Shocked I tell you. And saddened, yes definitely saddened. And shock. Mostly shocked, but also somewhat saddened. Yes that's it, shocked and saddened.
People are still using facebook? (Score:2)
If they're still using it after all the s**t in the news lately, they definitely don't care about apps sharing their info. Or their IQ is too low to understand what the problems are. Or both.
I had thought this common knowledge (Score:2)
Facebook grabs all the data it can, it's really not dependent upon your contacts.
I don't use Facebook and have it very well blocked with a HOSTS file on my personal Computer.
I run "Noroot Firewall" on mobile devices. This Christmas a Parrot Drone was gifted, and "FreeFlight mini" software installed
on a mobile phone; Two packets going to Google and one to Facebook were blocked.
Re: (Score:2)
Everything you do on that smartphone you are sending data to Google you cannot even download "apps" without giving them your name e-mail address and your phone number to go with it.
There are many downloader sites freely available on the web. You don't need Google play services and associated malware to download software from the Google play store.