Last month, we discussed how “Facebook Partners” end up having a ridiculous amount of access to your data. That was very difficult to report on, at least for me, simply because of how infuriating the whole thing is. Well, it looks like we’re kicking off 2019 with more bad news: the popular Android Apps that you use are most likely sending Facebook your data every time you launch them… and you don’t even have to have a Facebook account.
Android Apps Share Data with Facebook On Launch – Full Story
Privacy International just put out a report that shows how Android apps share your data with Facebook. In the report, PI found that “42.55 percent of free apps on Google Play store could share data with Facebook” and that “at least 61 percent” of the apps they tested “automatically transfer data to Facebook the moment a user opens the app.”
That’s right, the data sharing is automatic. What’s more aggravating is that this data gets shared even if you don’t have a Facebook account. In other words, Facebook has data on non-Facebook users who have never given the company permission to collect, monitor, or store their data. The biggest concern this report raises is the obvious lack of adherence to privacy laws and the GDPR.
Let me explain.
The GDPR, the EU’s General Data Protection Regulation, should be able to hold companies responsible for the handling of personal data they collect from EU residents/citizens. It went into effect in May of 2018 and was hailed by many as the start of a valid structure for privacy laws all over the world. Given that the end of 2018 witnessed many data breaches, a lot of people thought that the GDPR would swoop in and put those companies in their place.
Sadly, the law doesn’t really work as fast as we want it to. It may be a while before we start seeing any real action taken under the GDPR.
What Data Do these Android Apps Share?
The data that is first transmitted to Facebook (automatically) is called “events data”. While events data isn’t something that will properly identify you on its own, it still is data that can be used to identify users as a whole.
Here’s a list of some of the data Privacy International found these Android Apps to be sending:
When an App is opened.
When an App is closed.
If an App gets deleted.
What the User’s device is.
The user’s suspected location.
Language the device uses.
Time zone settings.
So, yes, on their own this set of data is non-identifiable. However, you can make “educated guesses” easily when you have a person’s location and list of used apps and you cross-reference them with all of the other data Facebook collects.
Which Android Apps Are Sharing Your Data?
Here’s a list of some of the Apps that Privacy International found to be sharing your data with Facebook. This is not a comprehensive list; it’s merely a way to illustrate how prevalent this habit is:
My Talking Tom / My Talking Hank
Clue (Period Tracker)
The Weather Channel
Super-Bright LED Flashlight
For the full list, check out Privacy International’s App reports.
Is this Legal?
Now, here’s where it gets a little iffy, in the legal sense.
Facebook puts the sole responsibility of third-party data sharing on the third-party apps. In fact, the company’s Business Tools Terms stated,
“In jurisdictions that require informed consent for storing and accessing cookies or other information on an end user’s device (such as but not limited to the European Union), you must ensure, in a verifiable manner, that an end user provides the necessary consent before you use Facebook Business Tools to enable us to store and access cookies or other information on the end user’s device.”
That sounds great… until you find out that Facebook wasn’t really allowing the developers to do that. Many developers have filed bug reports that raise concerns regarding the GDPR and Facebook’s Business Tools ToS. These reports all seem to point to the same thing: Facebook has made it impossible for developers to stop their apps from sending data the moment a user launches the app. It seems like the Facebook SDK automatically shares data with the mother company and developers aren’t able to turn that feature off.
35 days after the GDPR took effect, Facebook launched a new SDK feature that allowed developers to postpone that data sharing until after they’ve gotten permission from the user. However, this new feature only works on the latest version of the SDK, which isn’t used by all developers.
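As an added example (not code from Privacy International's report or from Facebook), here is one way to check whether an app declares that postponement: the script reads a decoded `AndroidManifest.xml` (for instance, one extracted with apktool) and reports which of the Facebook SDK's manifest switches are still at their default of on. It assumes the SDK is declared through its `com.facebook.sdk.ApplicationId` entry, and it only sees what the manifest declares, since an app can re-enable the switches in code at runtime.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
PREFIX = "com.facebook.sdk."
# Manifest switches documented for the Facebook Android SDK; each defaults to on.
SWITCHES = ("AutoInitEnabled", "AutoLogAppEventsEnabled", "AdvertiserIDCollectionEnabled")


def audit_manifest(manifest_xml):
    """Report whether a decoded AndroidManifest.xml defers Facebook SDK data sharing."""
    root = ET.fromstring(manifest_xml)
    meta = {}
    for node in root.iter("meta-data"):
        name = node.get(ANDROID + "name", "")
        if name.startswith(PREFIX):
            meta[name[len(PREFIX):]] = node.get(ANDROID + "value", "").strip().lower()
    # Heuristic (assumption): the SDK counts as present when its ApplicationId
    # entry is declared; apps that configure it only in code are missed.
    if "ApplicationId" not in meta:
        return {"sdk_declared": False, "left_on": [], "deferred": False}
    # Only a literal "false" counts as off; a missing entry or a resource
    # reference such as "@bool/x" is conservatively reported as still on.
    left_on = [s for s in SWITCHES if meta.get(s) != "false"]
    deferred = not {"AutoInitEnabled", "AutoLogAppEventsEnabled"} & set(left_on)
    return {"sdk_declared": True, "left_on": left_on, "deferred": deferred}


def manifest(*entries):
    """Build a constructed sample manifest from (name, value) meta-data pairs."""
    tags = "".join(
        f'<meta-data android:name="{PREFIX}{n}" android:value="{v}"/>' for n, v in entries
    )
    return (
        '<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
        f'package="com.example.sample"><application>{tags}</application></manifest>'
    )


# Constructed samples, not taken from any real app.
NO_SDK = manifest()
DEFAULTS = manifest(("ApplicationId", "@string/facebook_app_id"))
GATED = manifest(
    ("ApplicationId", "@string/facebook_app_id"),
    ("AutoInitEnabled", "false"),
    ("AutoLogAppEventsEnabled", "false"),
)

if __name__ == "__main__":
    for label, xml in (("no sdk", NO_SDK), ("defaults", DEFAULTS), ("gated", GATED)):
        print(label, audit_manifest(xml))
```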
Which Party is at Fault?
So who’s really to blame here? Is it Facebook or the third-party apps that use its SDK?
While Facebook is trying really really hard to throw all responsibility on the third-party apps, the law doesn’t really work that way. In the GDPR, companies that deal with data can fall into two categories: a data processor and a data controller. Each category, obviously, has different levels of responsibility, but both the processor and the controller can be faulted.
The Belgian Court seems to have already made that point clear. Based on a decision made by the Belgian DPA, the Belgian court found that Facebook itself determines “both the objective and means of processing” user data, and “is thus jointly responsible” for meeting legal obligations.
So, is this legal? No. It’s not. It is complicated though, and data regulators are up against a company that’s famous for using legal loopholes to cover up their despicable data-sharing habits.
How to Safeguard Some of Your Data
Yup, I realize I said “some” of your data. We’ve come to a point where it kind of seems impossible for anyone to opt out of having their data shared, stored, and monitored. Unless you’re planning on adopting a hermit-like existence, all you can really do is trim back how much data Facebook collects.
Also, remember to go through the privacy settings that your social media apps use. Remember, an account is not the same as an app, so you need to go through both.
Get In Control of Location Tracking
Location tracking is one of the most prevalent and terrifying forms of tracking now. So many things track you that it’s getting very difficult to keep that kind of data private. What’s worse is that your location is 100% identifiable, and yet it’s so heavily abused. That being said, Facebook and Google seem to reign supreme when it comes to location tracking. To add to that, Google even tracks you after you’ve turned off Location History! (Luckily, there’s a way around that.)
Other Android apps are also mapping out your location, sometimes to the point of having a detailed breakdown of your entire day. That’s why you need to be more aware of how this happens and what you can do to stop it.
Stop Giving Apps Unnecessary Permissions
I think that mankind, collectively, doesn’t check their app permissions. I get it. Usually, you’ll download an app you want to use on the spot and just allow it to access whatever it wants. You’re in a hurry, you don’t want to sit and read the permissions the apps are asking for, right?
Well, sorry to tell you this but you’re basically giving up your right to privacy like that.
Legally, apps do have to tell you what they want to access. However, they don’t tell you what they’re going to do with that access when they’re asking for permissions. Here’s the deal: you can actually gauge an app’s data policy (kind of) by paying attention to these permissions.
Don’t believe me? Next time you download an app, pay attention to the kind of access it asks you to give it. If, for example, it’s a calendar-based app that’s asking for access to your microphone, don’t give it permission to do so. You should learn what the different kinds of permissions actually mean and how to keep Android apps from over-extending their reach.
If You Don’t Need It, Don’t Download It
This isn’t going to be a big paragraph. Actually, I’m just going to wrap this one up with this:
If you do not need the app, you do not have to download it.
If you don’t download it, it won’t store your data!
Get Proper Anti-Malware Software
Anti-malware software is something you can find in abundance online. However, not all anti-malware programs do the job they’re meant to do. I highly suggest you start investing in paid and credible anti-malware software in order to make sure that you’re protecting your system to the best of your abilities.
Make sure to always keep your anti-malware updated to benefit from any new security upgrades and features.
Secure Your Internet Connection
The best way to make sure that no data is being siphoned out of your connection without your knowledge is to install a VPN on your router.
VPNs (Virtual Private Networks) do two basic things: encrypt all of your data and re-route your traffic through their own secure servers. While a VPN won’t stop anything you’ve permitted before, it will stop malicious data theft until you can remove the malware responsible. It will also help with location tracking, as a VPN changes your IP address to match the location of the server you’ve connected to. In other words, it helps keep you safe from data theft, internet monitoring and surveillance, and it grants you anonymity online.
I suggest you install it on your router because that’s how you can protect all of your connected devices, including your very dangerous IoT devices. If you’re in the market for a VPN, I also suggest you use ExpressVPN as it does provide you with the best security, privacy, and access to geo-blocked content on the market.
You guys, privacy is something that you all need to start worrying about. Big Tech companies already have such an expansive hold on most of our data, and we really shouldn’t be making it easier for them to do so. Hopefully, we’ll see some genuine legal action taken to protect our privacy in 2019. Till then, make sure you’re as informed as you can about the topic, and try to implement as many privacy tips as you possibly can.
A reader, writer, and avid internet user. Hiba has spent the better part of her adult life looking for ways to have a safer and more user-friendly online experience, all while praising the uses of VPN connections to anyone who would listen.