Investigating Apps interactions with Facebook on Android
Privacy International has been investigating the proliferation of data tracking, brokerage and exchange between many tech companies, both as their primary business as well as value added services.
Facebook routinely tracks users, non-users and logged-out users outside its platform through Facebook
Business Tools. App developers share data with Facebook through the Facebook Software Development
Kit (SDK), a set of software development tools that help developers build apps for a specific operating
system. Using the free and open source software tool called "mitmproxy", an interactive HTTPS proxy,
Privacy International has analyzed the data that a number of Android apps transmit to Facebook through
the Facebook SDK.
Key findings (December, 2018)
We found that at least 61 percent of apps we tested automatically transfer data to Facebook the moment a user opens the app. This happens whether people have a Facebook account or not, or whether they are logged into Facebook or not.
We also found that some apps routinely send Facebook data that is incredibly detailed and sometimes sensitive. Again, this concerns data of people who are either logged out of Facebook or who do not have a Facebook account.
A number of apps no longer transfer personal data to Facebook the moment a users opens the app.
However, many apps still exhibit the same behaviour we described in our original report. These apps automatically transfer personal data to Facebook the moment a user opens the app, before people are able to agree or consent. This happens whether people have a Facebook account or not, or whether they are logged into Facebook or not.