Facebook has been caught with its hands in your personal data jar, again. It’s come to light that an SDK provided by Facebook to app developers has been siphoning off your personal data, without you ever logging into Facebook or giving consent. GDPR violation, anyone? The revelations came after security researchers at Privacy International analysed 34 of the most popular Android apps and found data being transferred to Facebook.

What data are they taking? The application name, your unique Google Advertising ID and the number of times you’re launching the application. Some of the applications were also sending detailed data about searches, transactions and other personal information about interactions made via the app. Again, it seems neither Facebook nor the app developers sought consent to collect or transmit this data to Facebook.

Better still, sending the data was not required for the operation of the application. In other words, it was purely data collection.

Due to the nature of this latest breach of trust, we are going to list all of the apps that have been shown to have this latent tracking included in the Android app. You can read the detailed reports from the researchers here:

  • Calorie Counter – MyFitnessPal,
  • Duolingo,
  • Family Locator,
  • Indeed Job Search,
  • Instant Heart Rate,
  • KAYAK,
  • King James Bible,
  • Muslim Pro,
  • My Talking Tom/Hank (all of their My Talking apps),
  • Period Tracker Clue,
  • Qibla Connect Find Direction,
  • Shazam,
  • Skyscanner apps,
  • Spotify Music,
  • Super-Bright LED Flashlight,
  • The Weather Channel,
  • TripAdvisor,
  • VK (VKontakte),
  • Yelp, and
  • Salatuk.

Having reviewed this list, I know I use an app or two here, and I’m unlikely to ever use those services again.

Unfortunately, most people will choose their favourite app over their data protection. The good news is that out of the 34 apps tested, 13 of them were using Facebook’s SDK to violate your privacy. The bad news is that these 34 apps are not the only ones that may have been developed using Facebook tracking tools. As such, the researchers are suggesting that it’s possible that many more of your apps are reporting your app usage back to Facebook, without your consent or sign-in.

Facebook has now released a new version of their SDK that allows developers the option to ask for consent before sending the data. This was only done four weeks after GDPR came into effect and was likely to be in response to that. However, Facebook did not deprecate the old functionality, and as such only developers who update their apps with the new SDK will even have that option, and Facebook has done nothing to make gathering consent mandatory.

In other words, this situation is dishonest at best, and criminal at worst.

If a developer is unaware of what this tool is doing, they’ll be unlikely to seek users’ permission. Facebook is of course placing the responsibility for the collection of this data on the individual app developers. This is, of course, bullshit – it’s Facebook that’s hoovering up your details.

It will be interesting to see this one develop over the coming weeks. Will Facebook be held accountable for their business practices or have they created enough obscurity that they will get to play the victim again, claiming that the developers incorrectly implemented the technology?

Are you ready to “Get off Facebook” yet, or do you think this is a non-issue? Let us know below.

Jamie S

I’ve already deactivated my FB account and will be deleting it very soon. Instagram is next, I’ve had enough. I hope FB dies a slow and agonising death


Sad to see Duolingo make this list. Uninstalled

Would using apps like Island Netguard be of any use in preventing this data being sent to Facebook?


I deactivated my Facebook and Instagram last week. This just confirms my thoughts. Facebook simply can’t be trusted.


Surprised that Shazam is continuing this practice after being acquired by Apple. Uninstalled the guilty apps.


Hmmm, shifty sods, Facebook it seems really have not learned anything.
They really need to hurt Facebook monetarily in a big way for them to get the message.


Based on that list I dare say it’d be any app with Facebook SSO capability. Which is A LOT of popular apps and games. I really hope the EU jumps all over this