- Megachurch pushes conversion therapy on Instagram, Facebook with #OnceGay 6 Months Ago
- Christian movie review site blasts Netflix’s ‘The Family’ 6 Months Ago
- YouTube removes ‘coordinated’ channels spreading Hong Kong misinformation Today 8:58 AM
- Christina Hendricks reveals she was the hand model for ‘American Beauty’ Today 8:30 AM
- Why can’t independent feminist websites stay afloat? Today 8:17 AM
- Far-right troll Jacob Wohl scammed a Trump fan out of $25,000 Today 7:54 AM
- How to stream Browns vs. Buccaneers in key preseason action Today 7:02 AM
- Harness the power of sun: The best solar-powered phone chargers Today 6:00 AM
- Majority of threats made since El Paso and Dayton shootings have been made online Thursday 8:00 PM
- Miley Cyrus tweets about cheating allegations and penis cake drama Thursday 6:32 PM
- ‘The Dark Crystal: Age of Resistance’ dazzles with a timely tale Thursday 6:00 PM
- The DOJ emailed a white nationalist blog post to immigration judges Thursday 5:31 PM
- The Amazon rainforest is on fire–and people are using memes to cope Thursday 4:11 PM
- Microsoft contractors listened in on Xbox users Thursday 2:15 PM
- Anti-vaxxer assaults pro-vaccine lawmaker on Facebook Live (updated) Thursday 2:15 PM
Using analytics software called “App Events,” a Facebook product built into thousands of popular apps, the social media giant was able to gather personal data regardless if a user owned a Facebook account.
Per the Journal:
It is already known that many smartphone apps send information to Facebook about when users open them, and sometimes what they do inside. Previously unreported is how at least 11 popular apps, totaling tens of millions of downloads, have also been sharing sensitive data entered by users.
In one example, the Journal found that Instant Heart Rate: HR Monitor, the most popular heart-rate tool on the Apple App Store, “sent a user’s heart rate to Facebook immediately after it was recorded.”
Another popular app, Flo Health Inc.’s Flo Period & Ovulation Tracker, alerted the social media company when users were having their periods and when they were looking to get pregnant.
A third app developed by Realtor.com for finding real estate let Facebook know the price and location of any viewed listings.
When confronted about the data collection, Facebook stated to the Journal that some of the apps in question appeared to be violating its business terms by sending them sensitive information.
“We require app developers to be clear with their users about the information they are sharing with us,” a Facebook spokeswoman said.
Apple also reiterated its stance on data sharing after being pointed to the offending apps available in its App Store.
“When we hear of any developer violating these strict privacy terms and guidelines, we quickly investigate and, if necessary, take immediate action,” an Apple spokesperson said.
Google, which operates the Google Play app store, likewise stated that apps must inform users when sensitive data is shared with third parties.
In the case of the Flo Period & Ovulation Tracker app, the company has previously alleged that it does not share “information regarding your marked cycles, pregnancy, symptoms, notes and other information” if a user hasn’t given consent.
After being questioned by the Journal, Flo claimed that it doesn’t share “critical user data” and that any data sent to Facebook is “depersonalized.” After being told that its app was in fact sending sensitive information “with a unique advertising identifier that can be matched to a device or profile,” the company changed its tune. Flo now says it will “substantially limit” its reliance on Facebook’s App Events analytics tool while a privacy audit is conducted.
Although one U.S. company went as far as to announce plans to sever its ties with the Facebook tool altogether, the situation could be even more serious in the European Union, where data sharing practices are highly regulated.
Frederik J. Zuiderveen Borgesius, a law professor at Radboud University in the Netherlands, told the Journal that their findings could indicate a violation of E.U. law.
“For the sensitive data, companies basically always need consent—likely both the app developer and Facebook,” Borgesius said.
For now, it is unclear whether any government will take action. The Federal Trade Commission and Facebook, however, are reportedly negotiating over a multibillion-dollar fine in regards to the social media site’s previous privacy violations.
- Facebook let advertisers target users interested in infamous Nazis
- Scathing privacy report calls Facebook a ‘digital gangster’
- The Hatebook: Inside Facebook’s thriving subculture of racism
Mikael Thalen is a tech and security reporter based in Seattle, covering social media, data breaches, hackers, and more.