Privacy International shines light on Facebook’s shadow profiling

facebook harvest

The charity Privacy International (PI), which challenges overreaching state and corporate surveillance and advocates personal privacy, has revealed many popular Android apps still that have millions of installs send personal data to Facebook as soon as the app is open. This happens even if you the Facebook app is not installed on the phone or if the user doesn’t even have a Facebook account. 

Last December PI revealed how some of the most widely used apps on the Google Play Store automatically send user data to Facebook the moment they are launched. Since then, two thirds of the apps stopped this default but seven apps, including Yelp, job search app Indeed, the King James Bible app and two Muslim prayer apps, Qibla Connect and Muslim Pro, still send personal data to Facebook before users can decide to consent or not. Facebook can easily link this data to the mounds of other user data it collects to paint a eerily clear picture of someone’s life; their daily routine, social and political make up, psychology, and spending habits. We know data is money and money is power. Tools like this give Facebook far too much power. It also seems pretty illegal and definitely against Europe’s General Data Protection Regulation (GDPR).

GDPR states that individuals have “an absolute right to stop their data being used for direct marketing.” Individuals also have the right to be informed about the “collection and use of their personal data.” Most are unaware that Facebook has their data stored. And how can the shadow-profiling aspect of this reconcile with the GDPR’s right to be forgotten if an individual isn’t even told their data is being held?

This is not just an Android issue either, iOS apps act the same. The reason lies within Facebook’s Software Development Kit code. You know the option to sign in with Facebook Login? That’s your culprit. Even if you don’t login via Facebook or have a Facebook account. The mere presence of that option on many apps allows Zuckerberg’s algorithms to extract all the information it possibly can from your device and add it to the big pile of data it already has so its AI can know you better than you know yourself and sell you things you don’t need. Facebook has power to influence users’ moods, showing them carefully chosen ads across the internet. It could purposely make people depressed, then happy as it shows them shiny things to buy. Remember the secret psychology tests the social network was doing on users in 2012? This is no joke. The power of mass data surveillance can’t be over estimated. Let’s stop it now before we all end up servile robots to Facebook algorithms.  

How Facebook is treating developers is another low. App developers relay on the Facebook SDK to integrate their product with Facebook services but Facebook places all responsibility on the apps themselves to ensure data they send Facebook has been collected lawfully. It’s a bit cheeky. Developers can disable the automated transmission of data, this option only occurred after GDPR came into force. 

The last thing in the world Facebook want is laws backing users’ right to data privacy. It has rubbed honey around the mouths of governments around the world to get them to back them and go against data privacy legislation . It threatened to withhold investment from countries unless they supported or passed Facebook-friendly laws. 

As Facebook takes on the world, it seems like there is a game of pass the buck and individual users have no control as no mainstream smartphone operating system, including Android and iOS, allows users to opt out of third-party tracking in apps.

The privacy app get2Clouds does not use Facebook SDK at all. It does not send user data to Facebook or any other third party. It does not collect any data from users whatsoever. Users don’t even have to register their SIM number. It asks only for the bare minimum permissions it needs to function, and it lets users communicate and share files in an E2E encrypted bubble.