Video calling app Zoom’s iOS version is offering user data with Facebook.

While people work and socialize from home, video conferencing software Zoom has increased in popularity. What the company and its privacy policy do not make clear is that the iOS version of the Zoom app is giving some analytics data to Facebook, even if Zoom users do not have a Facebook record, according to a Motherboard analysis of the app earlier on.

This sort of data transfer is not ordinary, especially for Facebook; plenty of apps use Facebook’s software development kits (SDK) as a means to establish features into their apps more efficiently, which also has the effect of delivering information to Facebook. But Zoom fans may not be aware it is happening, nor even understand that when they use one product, they may be giving data to another service altogether unaware.

“That is shocking. There is nothing in the privacy policy which addresses that,” Pat Walshe, an activist from Privacy Matters who has analyzed Zoom’s privacy policy, reported in a Twitter direct message earlier.

On downloading and opening the app, Zoom connects to Facebook’s Graph API, according to Motherboard’s analysis of the app’s network activity. The Graph API is the primary way developers get data in or out of the Facebook account.

The Zoom app informed Facebook when the user opens the app, details on the user’s operating device like the model, the time zone and city they are connecting from, which phone carrier they are making use of, and a unique advertiser identifier designed by the user’s device which the companies can use to target a user with advertisements.

The data being sent is similar to that which activist group the Electronic Frontier Foundation (EFF) found the app for surveillance camera vendor Ring posted to Facebook.

Will Strafach, an iOS researcher and founder of privacy-focused iOS app Guardian confirmed Motherboard’s findings that the Zoom app sent data to Facebook.

“I think users can ultimately decide how they feel about Zoom and other apps sending beacons to Facebook, even if there is no direct evidence of sensitive data being shared in current versions,” he told Motherboard in a Twitter direct message.

Zoom is not forthcoming with the data collection or the transfer of it to Facebook. Zoom’s policy says the company may collect user’s “Facebook profile information (when you use Facebook to log-in to our online Products or to create an account for our online Products),” but doesn’t explicitly mention anything about sending data to Facebook on Zoom users who don’t have a Facebook account at all.

Facebook told Motherboard it requires developers to be transparent with users about the data their apps send to Facebook. Facebook’s terms say “If you use our pixels or SDKs, you however represent and warrant that you have provided robust and sufficiently prominent information to users regarding the Customer Data collection, sharing and usage,” and specifically for apps, “that third parties, including Facebook, may collect or get information from your app and other apps and make use of that information to provide measurement services and targeted ads.”

Zoom’s privacy policy says, “our third-party service providers and ads. Partners (e.g., Google Ads and Google Analytics) automatically collect some information about you when you use our Products,” but does not link this sort of activity to Facebook explicitly.

Zoom did not respond to a request for comment.

Zoom has several other potential privacy issues too. As the EFF laid out, hosts of Zoom calls can see if participants have the Zoom window open or not, meaning they can monitor if people are likely paying attention. Administrators can also see the IP address, location data, and device information on each participant, the EFF added.

Zoom does have a record of privacy issues. In 2019, a security investigator unearthed a bug which allowed webcams of Zoom users to be hacked unaware. However, the company has said that the issue has been resolved and can not be encountered anymore.

LEAVE A REPLY

Please enter your comment!
Please enter your name here