Facebook loves to collect data. In the past, the company has been accused of engineering creative means for extracting data from its users. And the past it admitted that it tracked mouse movements and recorded SMS details in a bid to serve people personalised content. But all of this was restricted to the people who were using Facebook or its services like Instagram. Now some research has shown that Facebook also collects data of Android users who don’t have Facebook app installed on their phones, or don’t even have Facebook account. And the way this tracking of non-Facebook users happens is deviously clever.
If you are a non-user, that is you don’t use Facebook, WhatsApp, Instagram, Messenger or any one of the zillion apps that Facebook owns, and you feel like blaming your friends for ratting you out, don’t bother as the fault lies not with your friends but in the apps that you use or in the developers who developed the apps that you use.
Privacy International security researchers, Frederike Kaltheuner and Christopher Weatherhead, recently conducted a research to study how Facebook collects data about non-users, the people who have made a conscious decision of staying away from its allure. They based their research on a study by Oxford University, which stated that 42.5 per cent of the free apps on Google Play Store share data with Facebook. The researchers studied a total of 34 apps each of which had between 10 – 500 million installs. The list of apps they studied included some of the popular names such as Dropbox, HP ePrint, Candy Crush Saga, Opera Browser, WeChat, The Weather Channel: Local Forecast and Weather Maps, Shazam, and TripAdvisor Hotel, Flights among others.
Upon investigation they found that Facebook uses a clever trick to track non users and at the heart of the matter lies a tiny piece of code called the Software Development Kit or SDK. Facebook hands out its SDK to the developers so that they can use it to link their apps with Facebook’s platform. Developers have a choice of either implementing the SDKs as it is or making necessary changes to restrict certain information from being shared with the social media company. However, a vast majority of app developers go for the default implementation of Facebook’s SDK, the security researchers explained.
This means that a vast majority of the tested apps (over 61 per cent) automatically transfer data to Facebook the moment a user opens the app. The shared information includes details on users’ entire search history in case of Kayak app, or the passage of Bible they were reading in case of the Bible app they tested. This sharing of user information, which includes details like device, version of Android, and keyboard localisation among other things, happens regardless of your login status or whether or not you have a Facebook account.
To put it simply, it doesn’t matter if you use Facebook’s services or not. All you need to do is use some of these apps and your data will be shared with the social media giant regardless.
Facebook, on its part, does encourage app developers to get consent from app users for sharing their data with the company, and it provides controls in its SDK that enable the developers to modulate content access to the company. But since a vast majority of the developers use the default version of the SDK, Facebook gets access to all the user data the moment they open the app. In short, the problem lies with the developers who designed the app.
If you are trying to figure out a way around it, don’t bother as the researchers demonstrated that even on opting of ad personalisation on Google, user data was still being shared with the company. And rooting your phone doesn’t seem to help either. The only way around is to install apps that don’t share information with Facebook, but good lucking finding that out.