A study conducted by Privacy International found out that two-thirds of 34 popular Android apps send the user’s data to Facebook without their consent, including Kayak, MyFitnessPal, Skyscanner, TripAdvisor, and Indeed.
These apps reportedly include Facebook Software Development Kit (SDK), which was specifically designed to automatically transmit users data to Facebook irrespective of whether the user has an account or not.
Travel app like Kayak, send flight searches of its users, their journey date, destination, number of tickets, arrival city, some other sensitive information.
Privacy International said, ‘We found that at least 61 percent of apps we tested automatically transfer data to Facebook the moment a user opens the app. This happens whether people have a Facebook account or not, or whether they are logged into Facebook or not.
‘The primary purpose of advertising IDs, such as the Google advertising ID (or Apple’s equivalent, the IDFA) is to allow advertisers to link data about user behavior from different apps and web browsing into a comprehensive profile.
‘If combined, data from different apps can paint a fine-grained and intimate picture of people’s activities, interests, behaviors, and routines, some of which can reveal special category data, including information about people’s health or religion.’
This is the violation of privacy guidelines in several places, including European Union countries where new data protection law, GDPR (General Data Protection Regulation) into effect on May 25, 2018.
Facebook sent a statement to Privacy International on 28 December 2018 through an email stating: “Prior to our introduction of the “delay” option, developers had the ability to disable transmission of automatic event logging data, except for a signal that the SDK had been initialized. Following the June change to our SDK, we also removed the signal that the SDK was initialized for developers that disabled automatic event logging.”