SUBSCRIBE
SUBSCRIBE
EXPLORE +
  • About infoDOCKET
  • Academic Libraries on LJ
  • Research on LJ
  • News on LJ
  • Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Libraries
    • Academic Libraries
    • Government Libraries
    • National Libraries
    • Public Libraries
  • Companies (Publishers/Vendors)
    • EBSCO
    • Elsevier
    • Ex Libris
    • Frontiers
    • Gale
    • PLOS
    • Scholastic
  • New Resources
    • Dashboards
    • Data Files
    • Digital Collections
    • Digital Preservation
    • Interactive Tools
    • Maps
    • Other
    • Podcasts
    • Productivity
  • New Research
    • Conference Presentations
    • Journal Articles
    • Lecture
    • New Issue
    • Reports
  • Topics
    • Archives & Special Collections
    • Associations & Organizations
    • Awards
    • Funding
    • Interviews
    • Jobs
    • Management & Leadership
    • News
    • Patrons & Users
    • Preservation
    • Profiles
    • Publishing
    • Roundup
    • Scholarly Communications
      • Open Access

January 2, 2019 by Gary Price

New Report: “How Apps on Android Share Data with Facebook (Even if You Don’t Have a Facebook Account)”

January 2, 2019 by Gary Price

From Privacy International

This question of whether Facebook gathers information about users who are not signed in or do not have an account was raised in the aftermath of the Cambridge Analytica scandal by lawmakers in hearings in the United States and in Europe. Discussions, as well as previous fines by Data Protection Authorities about the tracking of non-users, however, often focus on the tracking that happens on websites. Much less is known about the data that the company receives from apps. For these reasons, in this report we raise questions about transparency and use of app data that we consider timely and important.

Facebook routinely tracks users, non-users and logged-out users outside its platform through Facebook Business Tools. App developers share data with Facebook through the Facebook Software Development Kit (SDK), a set of software development tools that help developers build apps for a specific operating system. Using the free and open source software tool called “mitmproxy”, an interactive HTTPS proxy, Privacy International has analyzed the data that 34 apps on Android, each with an install base from 10 to 500 million, transmit to Facebook through the Facebook SDK.

2019-01-02_14-01-18All apps were tested between August and December 2018, with the last re-test happening between 3 and 11 of December 2018. The full documentation, including the exact date each app was tested, can be found at https://privacyinternational.org/appdata.

Findings

  • We found that at least 61 percent of apps we tested automatically transfer data to Facebook the moment a user opens the app. This happens whether people have a Facebook account or not, or whether they are logged into Facebook or not.
  • Typically, the data that is automatically transmitted first is events data that communicates to Facebook that the Facebook SDK has been initialized by transmitting data such as “App installed” and “SDK Initialized”. This data reveals the fact that a user is using a specific app, every single time that user opens an app.
  •  In our analysis, apps that automatically transmit data to Facebook share this data together with a unique identifier, the Google advertising ID (AAID). The primary purpose of advertising IDs, such as the Google advertising ID (or Apple’s equivalent, the IDFA) is to allow advertisers to link data about user behavior from different apps and web browsing into a comprehensive profile. If combined, data from different apps can paint a fine-grained and intimate picture of people’s activities, interests, behaviors and routines, some of which can reveal special category data, including information about people’s health or religion. For example, an individual who has installed the following apps that we have tested, “Qibla Connect” (a Muslim prayer app), “Period Tracker Clue” (a period tracker), “Indeed” (a job search app), “My Talking Tom” (a children’s’ app), could be potentially profiled as likely female, likely Muslim, likely job seeker, likely parent.
  • If combined, event data such as “App installed”, “SDK Initialized” and “Deactivate app” from different apps also offer a detailed insight into the app usage behavior of hundreds of millions of people.
  • We also found that some apps routinely send Facebook data that is incredibly detailed and sometimes sensitive. Again, this concerns data of people who are either logged out of Facebook or who do not have a Facebook account. A prime example is the travel search and price comparison app “KAYAK”, which sends detailed information about people’s flight searches to Facebook, including: departure city, departure airport, departure date, arrival city, arrival airpot, arrival date, number of tickets (including number of children), class of tickets (economy, business or first class).
  • Facebook’s Cookies Policy describes two ways in which people who do not have a Facebook account can control Facebook’s use of cookies to show them ads. Privacy International has tested both opt-outs and found that they had no discernible impact on the data sharing that we have described in this report.

Read the Complete Summary Blog Post

Direct to Full Text Report>
51 pages; PDF.

See Also: VIDEO: Presentation Featuring Findings From Report
Recorded at 35th Chaos Computer Congress (35C3).

Filed under: Data Files, News, Patrons and Users

SHARE:

About Gary Price

Gary Price (gprice@gmail.com) is a librarian, writer, consultant, and frequent conference speaker based in the Washington D.C. metro area. He earned his MLIS degree from Wayne State University in Detroit. Price has won several awards including the SLA Innovations in Technology Award and Alumnus of the Year from the Wayne St. University Library and Information Science Program. From 2006-2009 he was Director of Online Information Services at Ask.com. Gary is also the co-founder of infoDJ an innovation research consultancy supporting corporate product and business model teams with just-in-time fact and insight finding.

ADVERTISEMENT

Archives

Job Zone

ADVERTISEMENT

Related Infodocket Posts

American Library Association Reports Record Number of Demands to Censor Library Books and Materials in 2022: Book Challenges...

From the American Library Association: The American Library Association (ALA) today released new data documenting* 1,269 demands to censor library books and resources in 2022, the highest number of attempted book ...

Penn State University Libraries: Expanded Judy Chicago Research Portal Relaunches With Five Unified Collections

From a PSU Libraries Blog Post: Penn State University Libraries has announced the relaunch of an expanded Judy Chicago Research Portal, a searchable gateway to the archives of this prominent feminist ...

Registration Now Open -- May 24-26 Nobel Prize Summit on Misinformation and Trust in Science (In-Person & Virtual)

From the U.S. National Academy of Science: Registration is now open for the Nobel Prize Summit Truth, Trust and Hope — which will convene Nobel Prize laureates and other world-renowned experts and ...

Report: "Top Missouri Lawmaker Moves To Strip Library Funding"

From the Associated Press (AP):  A powerful Missouri state lawmaker on Tuesday moved to strip state funding for public libraries over a fight about books. Republican House Budget Committee Chairman ...

European Research Council (ERC) Study Identifies Repositories That Allow Researchers to Comply With EU Open Science Rules

From the ERC: A new study identifies repositories for data and publications that could help ERC grantees, as well as beneficiaries of other Horizon Europe grants, comply with EU open ...

Nearly 20 Hindawi Journals Delisted From Leading Index Amid Concerns of Papermill Activity & More News Headlines

Conservation Center for Art & Historic Artifacts (CCAHA) and Lyrasis Announce Succession Planning Initiative for Collections Stewardship Nearly 20 Hindawi Journals Delisted From Leading Index Amid Concerns of Papermill Activity ...

Houston Chronicle: "As Book Bans Ebb, the Battle to Criminally Charge Texas Librarians Has Started"

From the Houston Chronicle: Politically and socially conservative, Texas is a national leader in school book challenges and bans; a Chronicle investigation last summer counted more than 2,000 content reviews of challenged school library ...

Connecticut: Librarians and Lawmakers Fight Against High Cost of eBooks

From CT Insider: A bill that would end many of the contract restrictions won unanimous approval last week in the legislative Planning and Development Committee, following recent public hearings that brought ...

Research Tools: National Geographic Society and Utrecht University Launch World Water Map

From the National Geographic Society: Today, the National Geographic Society launched the World Water Map as part of its five-year World Freshwater Initiative to better understand developing freshwater shortages around the world ...

Google is Opening Up Access to Its Bard AI Chatbot Today; Don’s Conference Notes- R2R: The 2023 Researcher...

AI Makes Plagiarism Harder to Detect, Argue Academics – in Paper Written by Chatbot (via The Guardian) Bing Image Creator Comes to the New Bing (via Microsoft) Censorship or Evolution? ...

The Verge: "The Internet Archive is Defending Its Digital Library in Court Today"

UPDATE Hachette v. Internet Archive Statements, Materials, and Media Reports Re: March 20, 2023 Oral Arguments (Last Updated: 10:00am, March 21, 2023; We Expect Additional Updates) Media Reports A Skeptical ...

Journal Article: "Services to Mobile Users: The Best Practice from the Top-Visited Public Libraries in the US"

The article linked below was published today by Information Technology and Libraries (ITAL). Title Services to Mobile Users: The Best Practice from the Top-Visited Public Libraries in the US Authors ...

ADVERTISEMENT

FOLLOW US ON TWITTER

Tweets by infoDOCKET

ADVERTISEMENT

This coverage is free for all visitors. Your support makes this possible.

This coverage is free for all visitors. Your support makes this possible.

Primary Sidebar

  • News
  • Reviews+
  • Technology
  • Programs+
  • Design
  • Leadership
  • People
  • COVID-19
  • Advocacy
  • Opinion
  • INFOdocket
  • Job Zone

Reviews+

  • Booklists
  • Prepub Alert
  • Book Pulse
  • Media
  • Readers' Advisory
  • Self-Published Books
  • Review Submissions
  • Review for LJ

Awards

  • Library of the Year
  • Librarian of the Year
  • Movers & Shakers 2022
  • Paralibrarian of the Year
  • Best Small Library
  • Marketer of the Year
  • All Awards Guidelines
  • Community Impact Prize

Resources

  • LJ Index/Star Libraries
  • Research
  • White Papers / Case Studies

Events & PD

  • Online Courses
  • In-Person Events
  • Virtual Events
  • Webcasts
  • About Us
  • Contact Us
  • Advertise
  • Subscribe
  • Media Inquiries
  • Newsletter Sign Up
  • Submit Features/News
  • Data Privacy
  • Terms of Use
  • Terms of Sale
  • FAQs
  • Careers at MSI


© 2023 Library Journal. All rights reserved.


© 2022 Library Journal. All rights reserved.