Android Apps Feed Facebook User Data, Violate EU Reg

Some popular apps for Android smartphones are feeding data to Facebook without user consent, which could be a breach of the European Union’s (EU’s) General Data Protection Regulation (GDPR). When looking at 34 Android apps, the campaign group Privacy International discovered that at least 20 including Skyscanner, TripAdvisor and MyFitnessPal — immediately send certain data to the social media site before users are asked for permission.

The information shared included the app’s name, the user’s unique ID with Google, and the number of times the app was opened and closed after being downloaded. Some travel apps, like Kayak, sent details to Facebook as well, such as travel dates, whether the users had children, and which flights and locations had been searched.

This sharing of data could be a major breach of GDPR, which came into effect in May. With the new regulation, mobile apps must have the consent of users before collecting their personal information or face fines of up to 4 percent of revenues  or €20 million ($22.8 million USD), whichever is greater.

Researcher Frederike Kaltheuner explained that while the app needs to make sure it complies with the regulations, Facebook’s developer kit did not provide the option of waiting for a user’s permission before sending the data.

“At least four weeks after GDPR, it wasn’t even possible to ask for consent because of the default setting of Facebook’s [software development kit (SDK)]. This means data is automatically shared the moment the app opens,” she said, according to Financial Times.

However, a Facebook spokesperson said that app developers could disable automatic data collection, and that the company also recently introduced a feature that allows developers to delay collection of app analytics information.

The report came as the social media giant already faces issues related to GDPR. In October, it was reported that the company could be fined billions of dollars due to a data breach of about 50 million user accounts.


Featured PYMNTS Study: 

With eyes on lowering costs to improving cash flow, 85 percent of U.S. firms plan to make real-time payments integral to their operations within three years. However, some firms still feel technical barriers stand in the way. In the January 2020 Making Real-Time Payments A Reality Study, PYMNTS surveyed more than 500 financial executives to examine what it will take to channel RTP interest into real-world adoption. Here’s what we learned.