Some of the most popular apps for Android smartphones, including Skyscanner, TripAdvisor and MyFitnessPal, are transmitting data to Facebook without the consent of users in a potential breach of EU regulations.

In a study of 34 popular Android apps, the campaign group Privacy International found that at least 20 of them send certain data to Facebook the second that they are opened on a phone, before users can be asked for permission.

Information sent instantly included the app’s name, the user’s unique ID with Google, and the number of times the app was opened and closed since being downloaded. Some, such as travel site Kayak, later sent detailed information about people’s flight searches to Facebook, including travel dates, whether the user had children and which flights and destinations they had searched for.


European law on data-sharing changed in May with the introduction of the General Data Protection Regulation (GDPR), and mobile apps are required to have the explicit consent of users before collecting their personal information. Fines for breaching GDPR can be up to 4 per cent of revenues or €20 million, whichever is greater.

The researchers looked at apps with built-in Facebook trackers and intercepted data as it was sent. Many of the apps are free, suggesting that they make money from data-sharing and advertising.

Developer kit

Frederike Kaltheuner, who carried out the research, added that while Facebook places responsibility for complying with regulations on app developers, the US company’s developer kit did not give the option of waiting for a user’s permission before transmitting some types of data.

“At least four weeks after GDPR, it wasn’t even possible to ask for consent, because of the default setting of Facebook’s SDK [software development kit]. This means data is automatically shared the moment the app opens,” she said.

Several app developers have complained about the issue to Facebook since May, filing bug reports on Facebook’s developer platform saying they were unable to comply with the law.
