Android apps leaking data to Facebook

  • I’ve been thinking a lot about this since I read the article and findings over a week ago. It’s probably old news by now, but just in case it’s been missed:

    Privacy International have used a MITM proxy to see what a collection of popular Android apps are doing without user knowledge. They found that a lot of them send data to Facebook as soon as the app is opened (over 60%), regardless of whether you have a Facebook account. I verified this using a popular firewall app and some of the apps mentioned - on opening, the app tries to communicate with a FB server using the Facebook SDK. This obviously presents a massive breach of the GDPR for EU users, but more importantly a massive failing on the part of FB and a concern for all worldwide.

    The findings are here: https://privacyinternational.o…ractions-facebook-android

    Leaked information ranges from the ‘benign’ such as your Google ad ID (to track non FB users outside of the platform) to how many times you’ve opened and closed apps and what they are, and in the case of some apps, they communicated with FB how many children you have and your flight departure and destination info. Nice one FB...


  • Privacy? In the US telco providers even sell your location to everyone:…-microbilt-zumigo-tmobile

    Some insights into why those companies are interested in collecting every piece of information they can get about us to store infinitely:…e-tracks-you-3c3abc10781d

    And we all help them by using Google DNS which provides the missing link to be able to track us across devices and generate insights about entities like households or who is a colleague of whom and so on...

  • Correct me if I am wrong, but you can disable Google tracking on an Android device for the most part. I think the reason the FB study is so interesting is because it does a lot of it without users or developers even being aware. You can choose to use a different DNS server, you can choose to not use Chrome and Google search... Firefox and DDG and disable all the Google privacy stuff in Android for example. Yet, this does not affect the FB SDK. I suppose it's very easy to misconstrue my post as "Oh my god! There are these big bad companies that track you!" when in fact, what I am getting at is that the FB SDK findings take things to the next level. Users are unaware, not asked (GDPR) and there's no way to turn it off unless you just don't use the app. This is not the same kettle of fish as Google. It's close, but not the same.

    Oh, and Tapatalk banned me for that first post. Please could you unban me? :)

  • I didn't adopt the "Smart Phone", or other android devices, because it was damxed obvious to me that they'd be impossible to secure. When they first came out, it was as if security wasn't even a consideration and no one appeared to be concerned in the least. I couldn't believe it.
    In any case, with current-day integrated GPS device tracking, studies have been done for European cell phone companies in "human engineering". Given positioning data from a smart phone and a sufficient data sample, it's possible to predict where the phone's owner will be, on any day of the week and at a given time of day, with close to 80% accuracy. (With this kind of data available, "they" don't have to find you. They know where you're going to be.) And this unbelievably granular level of snooping has nothing to do with an app. All that's needed is for the phone to be "on".

    Given the shenanigans of Google, ISPs and other DNS providers, I moved to running a recursive DNS server - "unbound". Pi-hole connects to it.
    Once entries are cached, unbound is faster than any public provider, bar none.

    But, there are plenty of other hooks out there for logging personal info and habits.

  • It sucks that a lot of apps we're supposed to trust leak our personal information.

    Get a "dumb" phone. Even with a dumb phone, if there are entries in the address book, it should be secured with a password or passcode. Store only phone numbers with initials (not names) in the address book - definitely no street addresses.

    Secured SMART phones exist, that can be trusted to some degree, but they're expensive.

  • Trusting your data on someone else's server (Facebook) comes with risks. When it comes right down to it, it's their server. What you put on their server is private only if the owner chooses to abide by their "promise". (And we've seen more than one instance where their promise wasn't worth much.)

    That's one of the benefits of having your own server. If you use reasonable security precautions, such as not forwarding server ports, your server's security profile is pretty good.

  • Despite the popularity of some applications, your data is not necessarily protected. Therefore, it is more than difficult to ensure that your data is always well protected. These privacy issues don't just affect Android users, as these incorrect settings can also affect some iOS apps in Apple.

  • macom

    Closed the thread.
