This sort of data transfer is not ordinary, especially for Facebook; plenty of apps use Facebook’s software development kits (SDK) as a means to establish features into their apps more efficiently, which also has the effect of delivering information to Facebook. But Zoom fans may not be aware it is happening, nor even understand that when they use one product, they may be giving data to another service altogether unaware.
On downloading and opening the app, Zoom connects to Facebook’s Graph API, according to Motherboard’s analysis of the app’s network activity. The Graph API is the primary way developers get data in or out of the Facebook account.
The Zoom app informed Facebook when the user opens the app, details on the user’s operating device like the model, the time zone and city they are connecting from, which phone carrier they are making use of, and a unique advertiser identifier designed by the user’s device which the companies can use to target a user with advertisements.
The data being sent is similar to that which activist group the Electronic Frontier Foundation (EFF) found the app for surveillance camera vendor Ring posted to Facebook.
Will Strafach, an iOS researcher and founder of privacy-focused iOS app Guardian confirmed Motherboard’s findings that the Zoom app sent data to Facebook.
“I think users can ultimately decide how they feel about Zoom and other apps sending beacons to Facebook, even if there is no direct evidence of sensitive data being shared in current versions,” he told Motherboard in a Twitter direct message.
Zoom is not forthcoming with the data collection or the transfer of it to Facebook. Zoom’s policy says the company may collect user’s “Facebook profile information (when you use Facebook to log-in to our online Products or to create an account for our online Products),” but doesn’t explicitly mention anything about sending data to Facebook on Zoom users who don’t have a Facebook account at all.
Facebook told Motherboard it requires developers to be transparent with users about the data their apps send to Facebook. Facebook’s terms say “If you use our pixels or SDKs, you however represent and warrant that you have provided robust and sufficiently prominent information to users regarding the Customer Data collection, sharing and usage,” and specifically for apps, “that third parties, including Facebook, may collect or get information from your app and other apps and make use of that information to provide measurement services and targeted ads.”
Zoom did not respond to a request for comment.
Zoom has several other potential privacy issues too. As the EFF laid out, hosts of Zoom calls can see if participants have the Zoom window open or not, meaning they can monitor if people are likely paying attention. Administrators can also see the IP address, location data, and device information on each participant, the EFF added.
Zoom does have a record of privacy issues. In 2019, a security investigator unearthed a bug which allowed webcams of Zoom users to be hacked unaware. However, the company has said that the issue has been resolved and can not be encountered anymore.