A bunch of popular apps on Android could be putting your privacy at risk, according to a study conducted by Privacy International. 61 percent of the apps that were tested were sending data to Facebook as soon as the user opened the app. The data was being shared even before the user was asked for their permission. This happened even if a user didn’t have a Facebook account or wasn’t logged into one.
Privacy International studied 34 popular Android apps to see if they send data to Facebook without a user’s permission. The information sent to Facebook included the app’s title, the user’s unique Android ID, and other app analytics.
However, some apps like Kayak were found sending sensitive data to Facebook. This included flight searches, travel timeline if children were being accompanied, and all the destinations that a user searched for. Most of these popular apps are available for free on the Google Play Store.
Some of the apps that were a part of the study included MyFitnessPal, Duolingo, Family Locator, Kayak, My Talking Tom, Shazam, Spotify, and several other popular apps.
The move is being seen as a clear violation of the General Data Protection Regulation (GDPR), which was set up in May this year. Under the new regulation, mobile apps cannot collect or share a user’s data without their permission.
Privacy International claims that the data collected from users’ devices can be combined to connect activities, interests, behaviours, and other activities of a user. Facebook could use this data, later on, to serve ads based on some highly specific demographics.
While Facebook asks app developers to make sure they can lawfully collect, use, or share their users’ data before sending it to Facebook, the default implementation of the Facebook SDK enabled automatic transmission of event data to Facebook.
After GDPR came into effect, Facebook did release a new feature in its SDK to delay the collection of logged events until a user has given permission to the app. But this was around 35 days after GDPR was implemented and currently works only on Facebook’s SDK version 4.34 and above.
Privacy International has put up a detailed analysis of its study on its website. The group has released details of how each app sends data to Facebook along with responses from each app developer.
This isn’t the first time Android apps have been found to share user data. Earlier in October this year, a report claimed that 88 percent of free apps on Android share data with Google.