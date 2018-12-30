Follow Slashdot stories on Twitter

 


Several Popular Apps Share Data With Facebook Without User Consent

Posted by msmash
Some of the most popular apps for Android smartphones, including Skyscanner, TripAdvisor and MyFitnessPal, are transmitting data to Facebook without the consent of users in a potential breach of EU regulations. From a report: In a study of 34 popular Android apps, the campaign group Privacy International found that at least 20 of them send certain data to Facebook the second that they are opened on a phone, before users can be asked for permission. Information sent instantly included the app's name, the user's unique ID with Google, and the number of times the app was opened and closed since being downloaded. Some, such as travel site Kayak, later sent detailed information about people's flight searches to Facebook, including travel dates, whether the user had children and which flights and destinations they had searched for. European law on data-sharing changed in May with the introduction of General Data Protection Regulation and mobile apps are required to have the explicit consent of users before collecting their personal information.

  I doubt anyone really cares

    by mschaffer on Sunday December 30, 2018 @05:07PM
    Once people get over their knee-jerk sense of outrage (if there is any), I doubt anyone will even uninstall these apps from their phones.

    Re:I doubt anyone really cares

      by mrwireless on Sunday December 30, 2018 @05:14PM

      Give it time. Over the years people will start to understand how the data driven business model really works. That profiling is not just about personalised ads, but equally about handling you as a risk, which often means denying you opportunities such as jobs or cheap insurance. The real businessmodel of these companies is the continuous background check.

      In a few years the 'data is the new oil' narative will backfire on Silicon Valley, as the 'data as a pollutant' metaphor will become all to apt. This comparison will then lead us to ask: what is the data version of global warming?

      It's Social Cooling [socialcooling.com].

      • means denying you opportunities such as jobs or cheap insurance.

        You need to look at the other side of the coin. For everyone denied an opportunity, someone else gets one. So if you have good credit, no medical problems, etc., then you should benefit from having your data widely shared.

        Re: I doubt anyone really cares

          by Anonymous Coward

          Until the Bastille is stormed, absolutely.

        • Where did you get the idea that there is conservation of opportunity built into the system? Maybe you meant "while many will be denied an opportunity a few will gain one"?

        Re:

          by plopez

          You're assuming you won't be wrongly singled out. Basically you're standing on Darwin's door mat screaming "take me! Take me!"

      Re:I doubt anyone really cares

        by ctilsie242 on Sunday December 30, 2018 @07:53PM

        I have already this happen. A few years ago when I was working for a different employer, I had a friend of mine take a picture of me in a store's humidor. The pictures went on Facebook. Less than a week later, I got a demand from my health insurance company to take a physical with bloodwork or pay smoker's rates.

        Already, location data from apps has been uses to spy on Tesla and other firms, tracking where employees are in the building. With tensions getting greater between nations, a person's location can potentially make or break a military initiative.

    They don't care because it's in a EULA

      by MikeRT on Sunday December 30, 2018 @05:55PM

      I think one of the most effective privacy regs we could have would be a law that requires a plain English explanation of what data is sold or transferred to third parties, including wholly-owned subsidiaries that are operating as a separate company (ex WhatsApp and Facebook).

      No legalese, something that a person with a GED or high school degree should be able to read like this:

      "Location Data

      While your phone's location services are turned on, we will collect the GPS data related to your movements. We will use that to target you with more appropriate ads, services and products. We sell this data to Facebook, Twitter and Amazon. Other purchasers may be added later to this list."

      If it were spelled out in those terms, a lot more people would notice and care.

    Re:

      by Tailhook

      I can't figure out why people install all this junk in the first place.

    • It's not that they don't care. It's that they don't know except in general terms. I'm fairly out of touch... with Main Stream News. I live in my own bubble (fav sites, fave news, on demand streams).

      Over the last couple of days (as I do on occasion), I venture into the ad-crazed world of TV media. Except for the usual sports, local highlights, brain-warping political onslaught... nothing on Facebook. Zilch! Not on Free TV, not on Free Radio. It's like I stepped back 20 years.

      This news might be big on some te

  • wow no way gasp i'm super surprised oh my stars garters amen

  The list...

    by Known Nutter on Sunday December 30, 2018 @05:34PM

    Calorie Counter - MyFitnessPal
    Duolingo: Learn Languages Free
    Family Locator - GPS Tracker
    Indeed Job Search
    Instant Heart Rate: HR Monitor & Pulse Checker
    KAYAK Flights, Hotels & Cars
    King James Bible (KJV) Free
    Muslim Pro - Prayer Times, Azan, Quran & Qibla
    My Talking Tom / My Talking Hank etc
    Period Tracker Clue: Period & Ovulation Calculator
    Qibla ConnectÂ® Find Direction- Prayer, Azan, Quran
    Shazam
    Skyscanner - Cheap Flights, Hotels and Car Rental (Ad Personalisation = Off)
    Skyscanner - Cheap Flights, Hotels and Car Rental (Ad Personalisation = On)
    Spotify Music
    Super-Bright LED Flashlight
    The Weather Channel: Local Forecast & Weather Maps
    TripAdvisor Hotels Flights Restaurants Attractions
    VK (vkontakte)
    Yelp
    Salatuk (Prayer time)

    Bible - Audio, Daily Verse, Study & Offline, Free
    BMI Calculator & Weight Loss Tracker
    Candy Crush Saga
    Clean Master - Antivirus, Cleaner & Booster
    Dropbox
    HP ePrint (No Longer in Google Play Store)
    Opera Browser
    Period Tracker, My Calendar
    Phone Tracker By Number
    Security Master - Antivirus, VPN, AppLock, Booster
    Skater Boy
    Speedtest by Ookla
    WeChat

    • Thanks for the list in simple, easy to read text without the crud. The FT article seems to be paywalled.

    • security master - LOL!

      we were asked to install wechat at work (for talking to our chinese co-workers; its a chinese owned company) and when I saw the list of privs it wanted, I refused. I was one of the few who did not install this crap on my phone. now, looks like I made the right call.

      also, a flashlight app?? this shit should be illegal, punishable by real jail time. this crap has got to stop!

      • also, a flashlight app?? this shit should be illegal, punishable by real jail time. this crap has got to stop!

        That's why we have 80,000 pages of laws... How about "education"? Making shit illegal does not make it go away... (Drugs / Pyramid Schemes / Con Games).. Education is the most effective way to get rid of scams.

    Re:The list...

      by Mr. Dollar Ton on Sunday December 30, 2018 @06:13PM

      Funny how I don't seem have any of these installed, or in my library. Maybe minimal app selection hygiene is important if one cares about privacy?

      Re:The list...

        by jenningsthecat on Sunday December 30, 2018 @06:52PM

        Funny how I don't seem have any of these installed, or in my library. Maybe minimal app selection hygiene is important if one cares about privacy?

        Agreed. I'm very careful about what apps I install, plus, (as you mentioned above) My phone is rooted, and I have AFWall installed. I also turn off both data and WiFi unless I'm explicitly using them.

        Having said that, we shouldn't have to jump through hoops like this to guard our privacy. Privacy should be a basic right, and it should be the default state of all our devices, OS's, and applications / programs. Privacy should NOT be the exclusive province of a) the rich and b) vigilant, technically informed people like us. As at least one other poster has said, corporate privacy violations ought to be against the law, and penalties ought to be severe - TOS be damned. That privacy invasion is not just the norm, but a common business model, is proof of how far civilization has declined. What we now call democracy is simply a bread-and-circuses cover story for the corporatocracy that in fact prevails everywhere.

        • Legislation is the outcome of political pressure.

          In the absence of a public political mechanism to consider the risks in advance, enough people have to be on the receiving end of the problem so that their costs are high enough for them to be willing to do work to create such pressure. Usually that happens long after an industry is established, and has moved into profitable and arrogant mode of operations, where it can comfortably allocate resources for lobbying against public effort.

          So, you may need to wait

      • Funny how I don't seem have any of these installed, or in my library. Maybe minimal app selection hygiene is important if one cares about privacy?

        I had HP ePrint installed previously, so I could print to my HP printer. Speedtest is a highly common app. Candy Crush is a respected game series. Duolingo is also highly respected. Most of the rest is just fly by night crap, but all of those are pretty major.

    Re:The list...

      by JaredOfEuropa on Sunday December 30, 2018 @07:54PM
      Nice. I use Spotify, Dropbox, Speedtest (useful to test WiFi in rental properties), Shazam... but on iOS. Do those apps running on iPhones also send data to FB?
    • Thanks for the list. Dropbox and Speedtest both removed from my phone and life for that matter, though to be fair dropbox has been dead for ages just never gotten around to uninstalling.

    Re:The list...

      by PixetaledPikachu on Monday December 31, 2018 @12:39AM

      Calorie Counter - MyFitnessPal Duolingo: Learn Languages Free Family Locator - GPS Tracker Indeed Job Search Instant Heart Rate: HR Monitor & Pulse Checker KAYAK Flights, Hotels & Cars King James Bible (KJV) Free Muslim Pro - Prayer Times, Azan, Quran & Qibla My Talking Tom / My Talking Hank etc Period Tracker Clue: Period & Ovulation Calculator Qibla ConnectÂ® Find Direction- Prayer, Azan, Quran Shazam Skyscanner - Cheap Flights, Hotels and Car Rental (Ad Personalisation = Off) Skyscanner - Cheap Flights, Hotels and Car Rental (Ad Personalisation = On) Spotify Music Super-Bright LED Flashlight The Weather Channel: Local Forecast & Weather Maps TripAdvisor Hotels Flights Restaurants Attractions VK (vkontakte) Yelp Salatuk (Prayer time)

      Bible - Audio, Daily Verse, Study & Offline, Free BMI Calculator & Weight Loss Tracker Candy Crush Saga Clean Master - Antivirus, Cleaner & Booster Dropbox HP ePrint (No Longer in Google Play Store) Opera Browser Period Tracker, My Calendar Phone Tracker By Number Security Master - Antivirus, VPN, AppLock, Booster Skater Boy Speedtest by Ookla WeChat

      According to the article, the list of offending apps stopped at Salatuk. The rest, starting from Bible up to wechat do not or no longer share infos to facebook

    • Your cut and paste list include the apps that DO NOT transmit data on startup (everything after the space break). That aside, why is approriate for a print driver to send data to FB ever?!?!? (the HP eprint app) Orany of the rest of these, really...

      "We also tested the following apps but they don’t transmit data to graph.facebook.com the moment the app is opened, in the most recent iteration of our analysis (December 2018)"

  • firewalls on their android devices to block outgoing connections (especially to bookface)

    NetGuard, AFWall+ (requires root)...

  Better headline

    by ChoGGi on Sunday December 30, 2018 @05:51PM

    Seems a better headline would be more along the lines of: Free apps make their money one way or the other.

  The more we learn about Facebook...

    by QuietLagoon on Sunday December 30, 2018 @05:58PM
    ... the worse Facebook looks.

  I can understand...

    by Anonymous Coward on Sunday December 30, 2018 @05:59PM

    the average person not understanding how this stuff works and the dangers therein, but anyone in IT should have declared Facebook, et al. pariahs long ago. I remember years ago when working as an IT security auditor thinking that I would never join "social media". Many people saw this coming, but people simply don't want to hear about it because it's "free". Everyone in IT understands it's not free. You (metaphorically) are paying for it. In more ways than one.

    I value what little privacy is left over, and as an anecdote, I recently left Fastmail over the Access and Assistance bill. I was a paying customer, but no longer.

    The Security Derangement Complex: Technology Companies And Australia’s Anti-Encryption Law [orientalreview.org]

    In the end, I think people will not be able to trust companies. 99% of people will never encrypt their missives or online content before storing them. That's crazy, despite not having anything to hide. That old chestnut people love to trot out saying, "If you have nothing to hide, you have nothing to fear.", is garbage. We all have things to hide or would prefer to remain under wraps.

    I drive a grey car with no bumper stickers. I wear plain shirts. I don't advertise. I pay cash for booze and tobacco, buy certain things face to face, and generally don't put myself out there for the data miners. My browsing is all done as privately as I can make it. More and more companies are selling, unbeknownst to end users, their data to insurance companies, banks, credit companies, and various governments. We are entering an age where everything is going to be transparent. Those who use encryption that is not "backdoored" will stand out brightly. The cold war between clever end users and the powers that be is coming. VPN/VPS traffic is routinely being deep packet inspected (already a thing) in many places. They are not the panacea people think they are. You cannot trust what you do not control. The Australian AA Bill has really nailed this down for me, and as my only paid account save my ISP, I'm thinking about how to address this in a way that works for me going forward with the friends and family I do communicate with on a regular basis. I'm not paranoid, I just see the patterns being matched around the world with control closing in.

  • *IF* you're going to flaunt the law and send info your app collects to Facebook without the phone owner's consent, doing it from the phone is stupid. It allows the phone owner to check on the data your app is transmitting, and catch it sending info to Facebook as TFA did.

    The smart way to do it would be to have your app send the info to you, then you send it to Facebook directly. That way there's no way for the user to detect that you're sharing data with Facebook. I wouldn't at all be surprised if thi

  Worthless, paywalled source.

    by Gojira Shipi-Taro on Sunday December 30, 2018 @06:19PM

    Nothing good ever came from the Financial Times

  Laws with no teeth

    by Anonymous Coward on Sunday December 30, 2018 @07:01PM

    There needs to be penalties.

    If CEO's get some jail time this stuff will stop right now!
    There is no motivation to self police.

    They are like "Ooopsie someone made a mistake" "thats against our policy"
    Meanwhile once the cat is out of the bag it's a done deal.
    And if someone doesn't call them out they will keep on with the butt sniffing.

    • There needs to be penalties.

      If CEO's get some jail time this stuff will stop right now!

      What the fuck? Drug dealers get real jail time.. Have drugs gone away? You know how you get someone to not do drugs? You teach them. Show them what drugs can do.. The effects.. etc..

      You know how you get fucked up apps to go away? Teach people about them. Laws don't do anything for prevention. You could arrest every CEO on the planet tomorrow and 5 days later there would be a new batch of shit apps put out with the blessings of a whole new crop of shit CEOs. People are greedy and they'll lie/cheat/ste

  • I've seen numerous sites "debunk" the idea that your phone listens to your conversations and sends data to advertisers. The problem with every one of them is that they were analyzing the behavior of specific applications, typically the Facebook app. Because Facebook gets data from other application vendors, none of those tests were meaningful.

    Does your phone listen to your conversations? Probably. Could be your laptop/desktop computer, too.

    • Does your phone listen to your conversations? Probably.

      I certainly hope so given wiretapping is a criminal felony offense it would be amazing to pursuit charges and see slime rounded up and carted off to jail.

  • Only crAPPy crAPPS can crAPP all over your privacy.

  • In this day and age I distrust by default any website which keeps my personal data like name, address, etc. and if I have to use such a website I open a private(incognito) tab in my web browser.

  • Shocked I tell you. And saddened, yes definitely saddened. And shock. Mostly shocked, but also somewhat saddened. Yes that's it, shocked and saddened.

  • If they're still using it after all the s**t in the news lately, they definitely don't care about apps sharing their info. Or their IQ is too low to understand what the problems are. Or both.

  • Facebook grabs all the data it can, it's really not dependent upon your contacts.
    I don't use Facebook and have it very well blocked with a HOSTS file on my personal Computer.

    I run "Noroot Firewall" on mobile devices. This Christmas a Parrot Drone was gifted, and "FreeFlight mini" software installed
    on a mobile phone; Two packets going to Google and one to Facebook were blocked.

