A new report put out by campaign group Privacy International found that 20 out of 34 popular Android apps send data to Facebook from your Android device without asking for permission.
In short, the apps identified in this report, which include Prayer apps, MyFitnessPal, DuoLingo, Kayak, Indeed, Shazam, Skyscanner, Spotify, TripAdvisor, and Yelp, send certain data to Facebook the second they are opened on a phone.
The information includes the app’s name and the user’s unique ID with Google. This information is sent whether or not the user has a Facebook account, but if they do, the info can be tied to a profile, essentially de-anonymizing them.
The report from Privacy International points out that a person with a Muslim prayer app, period tracker, Indeed and a children’s app could be identified as likely a female, Muslim, job-seeking parent – even if they had never identified themselves as any of those things on Facebook.
Just before the end of the year, Google wrote an email to Privacy International stating that if a user disables “ads personalization” in the device Advertising ID settings, the advertising identifier cannot be used to create user profiles for advertising purposes. But as Privacy International points out, this doesn’t stop the apps from tracking users, or using collected data for non advertising purposes.
While Facebook says that the onus is on app developers to get users to agree that they have the legal right to collect and share personal data.
Shout out to Candy Crush Saga, Opera browser, and Speedtest by Ookla that didn’t transmit information to Facebook the moment they were opened.
Source: Privacy International