Latest in Gear

Image credit: Omar Marques/SOPA Images/LightRocket via Getty Images

More popular apps are sending data to Facebook without asking

MyFitnessPal, TripAdvisor and others may be violating EU privacy law.
1261 Shares
Share
Tweet
Share
Save

Sponsored Links

Omar Marques/SOPA Images/LightRocket via Getty Images

It's not just dating and health apps that might be violating your privacy when they send data to Facebook. A Privacy International study has determined that "at least" 20 out of 34 popular Android apps are transmitting sensitive information to Facebook without asking permission, including Kayak, MyFitnessPal, Skyscanner and TripAdvisor. This typically includes analytics data that sends on launch, including your unique Android ID, but can also include data that sends later. The travel search engine Kayak, for instance, apparently sends destination and flight search data, travel dates and whether or not kids might come along.

While the data might not immediately identify you, it could theoretically be used to recognize someone through roundabout means, such as the apps they have installed or whether they travel with the same person.

The concern isn't just that apps are oversharing data, but that they may be violating the EU's GDPR privacy rules by both collecting info without consent and potentially identifying users. You can't lay the blame solely at the feet of Facebook or developers, though. Facebook's relevant developer kit didn't provide the option to ask for permission until after GDPR took effect. The social network did develop a fix, but it's not clear that it works or that developers are implementing it properly. Numerous apps were still using older versions of the developer kit, according to the study. Skyscanner noted that it was "not aware" it was sending data without permission.

Facebook was sympathetic to Privacy International's concerns in a response, stating that it was crucial for people to both know when an app send data and to "have control" over whether or not that data is linked to them. Future changes like Clear History will also help, Facebook said. The company also stressed to the Financial Times that developers could turn off automatic data gathering and could delay sending app analytics. Still, it's evident that app creators either aren't paying attention to these changes or bothering to adopt them -- they may need a nudge if they're going to avoid controversies and EU fines.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
1261 Shares
Share
Tweet
Share
Save

Popular on Engadget

The 2019 Engadget Holiday Gift Guide

The 2019 Engadget Holiday Gift Guide

View
BMW's i4 electric sedan will boast a 373-mile range

BMW's i4 electric sedan will boast a 373-mile range

View
Tech companies won’t become banks, but they’ll pretend to

Tech companies won’t become banks, but they’ll pretend to

View
Sony's baffling wearable speaker heads to the US for $300

Sony's baffling wearable speaker heads to the US for $300

View
Google is putting the Pixel 4 and Stadia on sale for Black Friday

Google is putting the Pixel 4 and Stadia on sale for Black Friday

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr