Abu Dhabi, UAETuesday 22 October 2019

Facebook failed to disclose it was getting personal user data from app developers

Users of apps are not necessarily even members of Facebook, report finds

The Wall Street Journal is reporting that several phone apps are sending sensitive user data to Facebook, including health information, without users’ consent. AP
The Wall Street Journal is reporting that several phone apps are sending sensitive user data to Facebook, including health information, without users’ consent. AP

From weight loss goals to real estate preferences, Facebook failed to disclose it received sensitive, personal information about mobile application users – even of those who are not Facebook users – and then selling the data for targeted advertisements, an investigation by The Wall Street Journal has found.

While it had been previously reported that smartphone apps commonly send information to Facebook about when users access these apps, and sometimes of their activities, it was never disclosed that at least 11 popular apps – representing tens of millions of downloads – have been sending sensitive user data to the social media company, the Journal said.

In the newspaper's audit of Instant Heart Rate: HR Monitor, Apple's most-downloaded heart-rate app, it was found the app sent a user’s heart rate to Facebook immediately after it was recorded. Flo Health’s Flo Period & Ovulation Tracker sends the social media platform data indicating if a user was on her period, or intends to get pregnant. Real estate app Realtor.com sends the company the location and asking price of listings viewed by a user, noting which ones were marked as favourites, the Journal said.

Of the 11 apps tested and the findings validated by an outside cyber-security company, not one provided the users of the world's biggest social media platform any obvious way to opt out of having their information sent to Facebook.

The company's gathering of health and financial information violates its own business terms, which stipulate that app developers should not send data that may be deemed sensitive or private.

Apple and Google, owners of the two biggest app stores in the world, do not require applications to tell users with whom data is shared. While users can opt in and out of apps being able to access certain types of information such as their birth date or location, there are no permissions for the data users supplying directly to the apps themselves.

Last week, British members of parliament released a scathing 108-page report on disinformation, calling Facebook a "digital gangster”, which “intentionally and knowingly violated both data privacy and anti-competition laws”.

The MPs made recommendations in the report, including a code of ethics governing social media companies and creating a regulator with powers to pursue platforms which do not adhere to the code.

Last year, in response to criticism over its data collection practices, Facebook chief executive Mark Zuckerberg said the company would build a tool called “Clear History” so users could view what data Facebook had collected about them from apps and websites, and to delete it from their accounts. The company says it is still building the technology needed to make the feature possible and a timeline on when it will be available is not forthcoming.

In January, Facebook reported record profit of $6.88 billion for the fourth quarter of 2018, up 61 per cent from the year-ago quarter, and its earnings per share climbed 65 per cent from the year-earlier period.

Updated: February 24, 2019 08:20 PM