News highlights:
- Zoom’s iOS app is sharing user data with Facebook without the user knowledge
- The data includes the device model, time zone, city, and UDI that is used for targeted advertising
- Using Facebook’s SDK allows Zoom to send the user data to Facebook, even if the user is not on Facebook
- No sensitive data is shared yet, but the incident calls for the app to revise its policies
As the whole world is practising social distancing in the wake of Coronavirus, the working population has been pushed out of the offices and into the homes to work remotely and keep the businesses and themselves from drowning in the pandemic wave.
In such times, technology is coming to the rescue of businesses. The video conferencing apps are turning out to be heroes, especially.
Zoom and Skype are two of them, actually, they are the only two which are the most popular among office employees who can’t do without virtual meetings.
With the heavy increase in the use of these apps, comes one of the most important questions, how safe are these apps?
It has come to notice recently, that Zoom, an app that has more than 1 million meeting participants every day, is sharing its users’ data with Facebook without the users’ consent or knowledge.
While many details about this breach of trust are still unclear, we will share with you what we could find about this news.
How Zoom app is sharing your data with Facebook?
According to sources, Zoom is sending the user’s data to Facebook irrespective of the user’s presence on Facebook.
Now that’s really strange. But we’ll explain how that happens.
Zoom uses Facebook’s SDK (Software Development Kit) to enhance its features and that connects it with the blue social media giant automatically.
When a user installs and opens the app on their iOS device, she/he is automatically connected to Facebook’s Graph API, which is how the developers can send or receive data to or from Facebook.
What data is being shared by Zoom app?
Cybersecurity researchers said that every time a user opens their Zoom app, Zoom sends data that includes the user’s:
- Device model
- Network provider
- Time zone
- City
- Unique device ID that advertisers can use to send them targeted ads
What’s wrong with Zoom sharing data with Facebook?
It is not uncommon for companies to share users’ data with each other for money.
But it’s definitely a breach of trust that the user puts in technology, if the data sharing is done without the user’s knowledge.
- They are keeping it secret: The thing is, that Zoom isn’t following any data-sharing protocols that are meant for the best interest of the user to whom the data belongs. Facebook, on the other hand, has been pretty damn clear about its policy stating that services using its SDK and tracking pixels have to clearly mention to the user that their data is going in the hands of third-parties, even if the third party is Facebook itself. Read the section below for the difference in both the apps’ stated policies.
- No option to opt-out: What’s more is that the service has to provide an option to the user that lets them opt-out of this data sharing and tracking.
- It’s non-consensual: Clearly, the data sharing is not consensual by the user since Zoom has skipped the entire part from the privacy policy. Already the users don’t bat an eye towards what’s written in the privacy policy (thanks to the sparkling ‘I Agree’ button), now they also couldn’t make a difference even if they had read it.
The difference in Facebook’s and Zoom’s terms
What Facebook says:
Facebook’s terms say “If you use our pixels or SDKs, you further represent and warrant that you have provided robust and sufficiently prominent notice to users regarding the Customer Data collection, sharing and usage,” and specifically for apps, “that third parties, including Facebook, may collect or receive information from your app and other apps and use that information to provide measurement services and targeted ads.”
What Zoom says:
Zoom’s privacy policy says “our third-party service providers, and advertising partners (e.g., Google Ads and Google Analytics) automatically collect some information about you when you use our Products”.
We hope you can see how specific Facebook’s policy is about notifying the user and how vague Zoom’s policy is about the same.
Even though the information is not highly sensitive and is not shared with some unknown suspicious third party, it still counts as breach of trust on the part of Zoom, a beloved app among users, especially in today’s times.
As we depend more and more on technology for our personal and professional use, we should learn to be more vigilant when it comes to securing our online privacy and security.
We won’t ask you to start reading all the 3 mile long privacy policies for every app you download, but we will ask you to be aware of your data and its tracking.
What do you think about this news? Do you think you will switch to another video calling app?
Do you know of any other app that is violating your trust? Share your thoughts with us in the comments section below.
Stay tuned, stay safe.
