On Friday video-conferencing software Zoom issued an update to its iOS app which stops it sending certain pieces of data to Facebook. The move comes after a Motherboard analysis of the app found it sent information such as when a user opened the app, their timezone, city, and device details to the social network giant.
When Motherboard analyzed the app, Zoom's privacy policy did not make the data transfer to Facebook clear.
“Zoom takes its users’ privacy extremely seriously. We originally implemented the ‘Login with Facebook’ feature using the Facebook SDK in order to provide our users with another convenient way to access our platform. However, we were recently made aware that the Facebook SDK was collecting unnecessary device data," Zoom told Motherboard in a statement on Friday.
An SDK, or software development kit, is a bundle of code that developers often use to help implement certain features into their own app. The use of an SDK can also have the effect of sending certain data off to third-parties, however.
Do you know anything else about data selling or trading? We'd love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on [email protected], or email [email protected].
"The data collected by the Facebook SDK did not include any personal user information, but rather included data about users’ devices such as the mobile OS type and version, the device time zone, device OS, device model and carrier, screen size, processor cores, and disk space," Zoom's statement added, mirroring Motherboard's findings. Will Strafach, an iOS researcher and founder of privacy-focused iOS app Guardian also confirmed Motherboard's findings that the Zoom app sent data to Facebook at the time.
On Friday, the "What's New" notes along with the Zoom iOS app update read, "Improvements to Facebook Login." Motherboard downloaded the update and verified that it does not send data to Facebook upon opening.
"We will be removing the Facebook SDK and reconfiguring the feature so that users will still be able to login with Facebook via their browser. Users will need to update to the latest version of our application once it becomes available in order for these changes to take hold, and we encourage them to do so. We sincerely apologize for this oversight, and remain firmly committed to the protection of our users’ data," Zoom's statement concluded.
Zoom has skyrocketed in popularity due to much of the world being under quarantine or so-called shelter in place orders.
Subscribe to our cybersecurity podcast, CYBER.
mcmunch20 on March 28th, 2020 at 09:12 UTC »
I bet the average person has like 5+ more apps on their phones that are still using the Facebook SDK though.
soaringstonks on March 28th, 2020 at 07:02 UTC »
Zoom used the Facebook SDK. For those of you unfamiliar or who aren’t app developers: the Facebook SDK is required to show the “Sign in with Facebook” button in an app. So any app you’ve ever used that has “Sign in with Facebook” was/is doing the same thing. Why do you think Facebook is free to use?
84ndn on March 28th, 2020 at 05:42 UTC »
"I don't believe you." - Ron Burgundy