Zoom iOS app quietly sending data to Facebook, even if you have no account
Data shared with Facebook includes your iPhone or iPad model, your time-zone, city, phone carrier and a unique identifier which can be used for ad-targeting …
The discovery was made by Motherboard and confirmed by iOS security researcher Will Strafach.
Upon downloading and opening the app, Zoom connects to Facebook’s Graph API, according to Motherboard’s analysis of the app’s network activity. The Graph API is the main way developers get data in or out of Facebook […]
Zoom is not forthcoming with the data collection or the transfer of it to Facebook. Zoom’s policy says the company may collect user’s “Facebook profile information (when you use Facebook to log-in to our Products or to create an account for our Products),” but doesn’t explicitly mention anything about sending data to Facebook on Zoom users who don’t have a Facebook account at all.
The piece notes that it’s not uncommon for apps to use a Facebook SDK.
This sort of data transfer is not uncommon, especially for Facebook; plenty of apps use Facebook’s software development kits (SDK) as a means to implement features into their apps more easily, which also has the effect of sending information to Facebook.
What is not permitted by Facebook, however, is to do this without notifying users.
Zoom users may not be aware it is happening, nor understand that when they use one product, they may be providing data to another service altogether […]
Facebook told Motherboard it requires developers to be transparent with users about the data their apps send to Facebook. Facebook’s terms say “If you use our pixels or SDKs, you further represent and warrant that you have provided robust and sufficiently prominent notice to users regarding the Customer Data collection, sharing and usage,” and specifically for apps, “that third parties, including Facebook, may collect or receive information from your app and other apps and use that information to provide measurement services and targeted ads.”
Zoom is seeing record use during the coronavirus crisis, as both businesses and consumers use it to keep in touch via group video calls.
It’s not the first time there has been a privacy issue with Zoom. A major vulnerability last year meant that websites were able to activate Mac webcams without first asking permission. And it was recently suggested that the host can monitor other apps in use, though this appears to apply only to corporately-managed machines.
Everyone working remotely:
ZOOM monitors the activity on your computer and collects data on the programs running and captures which window you have focus on.
If you manage the calls, you can monitor what programs users on the call are running as well. It’s fucked up.
— Wolfgang ʬ (@Ouren) March 21, 2020
A the time of writing, the company had not commented on this issue with the Zoom iOS app.
FTC: We use income earning auto affiliate links. More.
Check out 9to5Mac on YouTube for more Apple news: