iPhone, Android apps share sensitive health, financial data with Facebook without user's k...

in General Discussion edited February 2019
Facebook has been accused of taking advantage of its position to violate the privacy of its users, with an investigation claiming apps that deal with sensitive data, including financial and health-related information, is sharing some of that data with the social network.

Facebook HQ's road sign

Following the Cambridge Analytica fiasco and the subsequent government investigations, it would be expected Facebook would be more mindful about the information it compiles on its users. A new report suggests otherwise, accusing Facebook of acquiring information that users would not typically expect to share with the company willingly.

According to tests performed by the Wall Street Journal, Facebook's software collects data from numerous apps within seconds of it being entered by the user, without any sign of a prominent or specific disclosure by the app. In these cases, it was also found the data was transmitted to Facebook if the user didn't log into Facebook for authentication, or even if the user didn't have a Facebook account in the first place.

At least 11 popular apps across both iOS and Android ecosystems were found to report data back to Facebook, with the apps downloaded tens of millions of times in total.

On the iOS side, the app Instant Heart Rate: HR Monitor by Azumio, deemed the most popular heart-rate app in the App Store, sent the user's heart rate straight after a reading is performed. The Flo Period and Ovulation Tracker, said to have 25 million active users, advises Facebook when the user advises they wish to get pregnant, and when a user is having their period.

In another example, the Move Inc-owned Realtor.com sent Facebook the location and price of listings viewed by a user, as well as those marked as favorites.

Facebook claims some of the data sharing activities brought up in the tests seemed to violate its business terms, which asks developers to avoid sending "health, financial information or other categories of sensitive information." The apps were flagged by Facebook to stop sending information that may be deemed sensitive, with the suggestion of additional action if the apps fail to comply with the demand.

A Facebook spokesperson advised "We require app developers to be clear with their users about the information they are sharing with us."

The data shared by apps is usually brought into a Facebook tool that provides statistics about user activities. Facebook also uses the same data to serve advertising and for market research, but while its terms in theory allow for it to be used in other ways, the company insists it does not.

Apple advised to the report it requires apps to acquire "prior user consent" in order to collect data, as well as to move to prevent unauthorized access and usage by third-party firms. "When we hear of any developer violating these strict privacy terms and guidelines, we quickly investigate and, if necessary, take immediate action," a spokesperson told the report.

The investigation is the latest in a string of events where Facebook's attitude to privacy has been questioned.

In August, Facebook pulled its Onavo Protect VPN service from the iOS app store, after Apple found it was violating a number of just-implemented privacy policies, particularly surrounding data collection restrictions.

Another similar incident occurred in January, with the discovery Facebook was offering a Facebook Research app to users that installed a VPN on their iOS devices. Users were paid $20 plus referral fees, in exchange for nearly unfettered access to iOS usage patterns and activity.

In that case, it was also found Facebook was abusing Apple's Enterprise Developer Certificates, which allowed apps to be sideloaded onto devices without having to abide by App Store guidelines, and so avoiding the data collection and privacy rules. The use of the Enterprise Developer Certificates was meant for within a company, not for those outside the organization like members of the public, with Facebook's use violating Apple's terms.

Shortly after reports of the app's nature, Apple revoked Facebook's certificate, reportedly throwing the company into chaos as Facebook's employees were denied access to private versions of internal tools that also used it. Apple restored the certificate roughly 30 hours after it was pulled.

Facebook is currently in negotiations with the U.S. Federal Trade Commission over a privacy violations fine relating to the Cambridge Analytica scandal and its subsequent fallout. The talks, aimed at avoiding legal action, could result in a settlement with the FTC that extends to billions of dollars, far exceeding the current FTC settlement record holder Google's $22.5 million payment.

On Thursday, Facebook advised it will shutter Onavo Protect fully and stop recruiting new users for Facebook Research, as it attempts to move to more transparent paid research programs.


  • Reply 1 of 36
    It just gets worse...

    Like an iceberg, I suspect we've only seen the tip.
  • Reply 2 of 36
    Only the top 10% of the (Zucker)berg is above the water line.
  • Reply 3 of 36
    It just gets worse...

    Like an iceberg, I suspect we've only seen the tip.
    ooops, I just liked your comment, so I guess that's now sent to Facebook too !
  • Reply 4 of 36
    My uncle uses this app to get heart rate readings on his iPhone even though he owns a Series 3 Apple Watch. I will definitely be informing him of this. 
    I will ask him to take heart rate readings with Heart Rate app on  apple Watch
  • Reply 5 of 36
    irelandireland Posts: 17,794member
    My uncle uses this app to get heart rate readings on his iPhone even though he owns a Series 3 Apple Watch. I will definitely be informing him of this. 
    I will ask him to take heart rate readings with Heart Rate app on  apple Watch
    Tell him to delete the app and send the company feedback he won’t use any of their apps again.
  • Reply 6 of 36
    This sh*t gets worse almost by the hour and we’re far beyond “reasonably bad expectations”. If this is not criminal then always are seriously upf*cked. 
  • Reply 7 of 36
    hexclockhexclock Posts: 1,191member
    I usually don’t think this way, but Facebook needs to be utterly destroyed. Enough is enough. 
  • Reply 8 of 36
    FolioFolio Posts: 698member
    We need in the US some fundamental tenets and regulation here. Even Apple is getting lumped into the mess, and it is hardly as pure as Mr. Cook likes to say. For instance, on one hand you want digital authentication of ID. Apple the best here. But most times you should be able to act without parties cataloging your every click and swipe unless you consent. Apple could improve here. The financial credit cards didnt abuse your personal data to this level. Why now big tech? Is Cook can move the issue at Stanford graduation great recruitment oppty.
  • Reply 9 of 36
    sflocalsflocal Posts: 6,057member
    It sounds like the app developers are the ones to be crucified, not Facebook.

  • Reply 10 of 36
    AppleExposedAppleExposed Posts: 1,805unconfirmed, member
    Apple needs to takeover Facebook but not in acquisition, in services.
  • Reply 11 of 36
    sflocal said:
    It sounds like the app developers are the ones to be crucified, not Facebook.

    Why exclude FB? They create the demand, they know what they are buying. 

    On the app-side of tings once more it’s the crystal clear message that there is nothing like a free lunch.
  • Reply 12 of 36

    The words I use to describe Facebook:

    revolting · repellent · repulsive · sickening · nauseating · nauseous · stomach-churning · stomach-turning · off-putting · unpalatable · unappetizing · uninviting · unsavory · distasteful · foul · nasty · obnoxious · odious · vomitous · yucky · icky · gross · sick-making · gut-churning · grotty · squicky · bogging · disgustful · offensive · appalling · outrageous · objectionable · displeasing · shocking · horrifying · scandalous · monstrous · unspeakable · shameless · shameful · vulgar · gross · vile · wicked · odious · heinous · abhorrent · loathsome · obnoxious · detestable · hateful · sickening · contemptible · despicable · deplorable · abominable · execrable · unforgivable · unpardonable · inexcusable · intolerable · insupportable · beyond the pale · horrid · ghastly · sick · godawful · beastly · disgustful · loathly · scurvy · egregious · exceptionable

    The words I use to describe how I feel about Facebook:

    hate · loathe · detest · dislike greatly · abhor · abominate · despise · execrate · feel aversion toward · feel revulsion toward · feel hostile toward · be repelled by · be revolted by · regard with disgust · not be able to bear/stand · be unable to stomach · find intolerable · shudder at · recoil from · shrink from · hate someone's guts · disrelish

    The words I hope others use to describe Facebook:

    hating · loathing · hatred · detestation · dislike · distaste · abhorrence · abomination · execration · resentment · aversion · hostility · ill will · ill feeling · bad feeling · enmity · animosity · antagonism · antipathy · bitterness · animus · revulsion · disgust · contempt · repugnance · odium · rancor · disrelish

    edited February 2019 magman1979racerhomie3tyler82watto_cobra
  • Reply 13 of 36
    I don't have a FB account, but I guess that doesn't matter.  Also I don't use any of the listed apps.  I'm sure there are many others apps doing the same, and I may have some of those installed.  I did use this as a wakeup call.  I deleted all but the  most used apps on my IOS devices.  Ones that I may use occasionally I will just download and use while I need them.  The entire cultural attitude of FB is "its easier to get forgiveness than permission".  They will just keep pushing the envelope until something (hopefully some privacy laws) contains their activity.  
  • Reply 14 of 36
    GeorgeBMacGeorgeBMac Posts: 11,421member
    My uncle uses this app to get heart rate readings on his iPhone even though he owns a Series 3 Apple Watch. I will definitely be informing him of this. 
    I will ask him to take heart rate readings with Heart Rate app on  apple Watch
    Yeh, it's a good idea to let him know.   But many third party apps do much more with the data than Apple does --- particularly in reporting history and trends, etc...   Once it goes into Apple's health app it's pretty much entered a black hole of data.   The Health App sucks it in, but only provides little meaningless squiggly line graphs as output.
  • Reply 15 of 36
    I see Apple said "...we quickly investigate and, if necessary, take immediate action"

    That's great and I appreciate Apple can't always detect what unscrupulous data thieves (like Facebook) do to get personal data from people.
    But Apple really need to come down hard on Facebook & Google - not directly and publicly like they did to Flash but by closely examining how Fb steal this data and cutting off access, bit by bit before the WSJ or other bodies find it. 

    Surely if the WSJ can think of and find this activity, Apple with its thousands of engineers & tech heritage can do better.
    edited February 2019 christopher126watto_cobra
  • Reply 16 of 36
    I'm not expecting a particularly stellar response, but this is what I've just sent to Azumio:

    I am very disappointed to discover from recent reports that apparently you have been sending my personal health data to Facebook. I am a resident of the UK, and regardless of any terms and conditions you may consider cover this behaviour, you should be aware that personal data of this sort is protected under the GDPR in the European Union. I request that you respond with a full copy of all data you have shared with Facebook, in compliance with GDPR regulations. I have deleted my copies of Sleep Time and Heart Rate from my iOS devices, and do not intend to use your software again.

    Obviously they won't have a copy of my health data (or at least I hope they don't!) but the fact they won't be able to supply it makes them even more culpable as far as GDPR regulations are concerned. We'll see what they say, if anything...

    clegerlorin schultzchristopher126JaiOh81watto_cobra
  • Reply 17 of 36
    People on FB whining about privacy is like a smoker complaining about their lungs.
  • Reply 18 of 36
    hexclockhexclock Posts: 1,191member
    People on FB whining about privacy is like a smoker complaining about their lungs.
    True, but the article also states that some information was transmitted to FB even if the user didn’t have an account. 
  • Reply 19 of 36
    Only the top 10% of the (Zucker)berg is above the water line.
    Very clever :D
  • Reply 20 of 36
    We are getting 'Zucked!' He's a creep and 'The FaceBook' is creepy! 

    Stop tracking our kids, Zuck!

    Zuck has to go! :)

    edited February 2019 baconstangwatto_cobra
Sign In or Register to comment.