Zoom iOS update removes 'feature' that sent user data to Facebook
Video conferencing service Zoom on Friday issued an update for its iOS app, removing an SDK that sent users' data to Facebook without their express consent.
Zoom for iOS was updated today to remove Facebook's SDK.
On Thursday, a report from Motherboard revealed Zoom's iOS app was sharing user analytics data with Facebook without noting the practice in its privacy policy.
Specifically, the app used Facebook's SDK to integrate "Login with Facebook," a feature that provides quick and easy sign-in capabilities. By including the SDK, however, Zoom automatically connected to and shared information with the Facebook Graph API, even if a user did not maintain Facebook account.
The company also failed to adequately inform users of its data sharing practices.
After the revelation was made public, Zoom on Friday removed Facebook's SDK for "collecting unnecessary device data."
"The data collected by the Facebook SDK did not include any personal user information, but rather included data about users' devices such as the mobile OS type and version, the device time zone, device OS, device model and carrier, screen size, processor cores, and disk space," Zoom said in a statement to Motherboard.
Zoom is "reconfiguring" the Facebook login feature to allow users to sign on with Facebook through a web browser. Users will need to download an updated version of Zoom's iOS app in order for the changes to take effect.
"We sincerely apologize for this oversight, and remain firmly committed to the protection of our users' data," Zoom said in its statement.
Zoom for iOS was updated today to remove Facebook's SDK.
On Thursday, a report from Motherboard revealed Zoom's iOS app was sharing user analytics data with Facebook without noting the practice in its privacy policy.
Specifically, the app used Facebook's SDK to integrate "Login with Facebook," a feature that provides quick and easy sign-in capabilities. By including the SDK, however, Zoom automatically connected to and shared information with the Facebook Graph API, even if a user did not maintain Facebook account.
The company also failed to adequately inform users of its data sharing practices.
After the revelation was made public, Zoom on Friday removed Facebook's SDK for "collecting unnecessary device data."
"The data collected by the Facebook SDK did not include any personal user information, but rather included data about users' devices such as the mobile OS type and version, the device time zone, device OS, device model and carrier, screen size, processor cores, and disk space," Zoom said in a statement to Motherboard.
Zoom is "reconfiguring" the Facebook login feature to allow users to sign on with Facebook through a web browser. Users will need to download an updated version of Zoom's iOS app in order for the changes to take effect.
"We sincerely apologize for this oversight, and remain firmly committed to the protection of our users' data," Zoom said in its statement.
Comments
Quite disgusting. You never know in which App/website that “feature” is hiding.
Disinfecting yourself of Facebook only gets you so far. The company has spread like a virus...
It wasn't a good idea back in like 2012 when it started to be pushed, and certainly shouldn't be a good idea these days when we know all the bad things that have resulted.
I do agree that people using social media logins are asking for any tracking that they get.
It's past due for Facebook to be treated as a toxic brand name. Microsoft should do well to minimize any interaction with them to a bare minimum.
It’s the reason the market cap exploded the last five years. Well that and Azure...
But t is unlikely Farcebook makes this data theft explicit. It is near impossible that a small team of IT experts trying to bring a new product to market could ever find the fact out.
I'm interested to know how many people decided not to use a service they were already using, like Facebook, after getting clear language due to GDPR. My guess is not many.
Back on topic, my child has to use Zoom to meet with her class every day. They just started using it this week. I see no update available on her iPad.
Even after this was made public, the vast majority of people don't know about it, and many still don't care. The practical point for many people is Zoom works and it's being used. If your boss sets up a meeting with Zoom, you can't just say "I don't like my data being shared so I'm not going to participate in the meeting."
My question is why does using the Facebook SDK to allow Facebook logins automatically send data even if it's not being used...oh yeah, it's Facebook. Never mind.
What kind of reporting does Zoom do through its web app on macOS?
Good article on zdnet.com right now about changes in the T&C for the Apple Card that involve data sharing.
At this point I have no confidence in Zoom's safe handling of my login credentials. My request for answers from Zoom tech support has not been answered.
AppleInsider - you're better than this for shaming Zoom for something you and almost every other website on the internet is doing...