- Research by The Wall Street Journal suggests that at least 11 popular apps are secretly giving private user data to Facebook.
- This transmission of data allegedly happens regardless of whether the user even has a Facebook account.
- The WSJ report shows 11 iOS apps engage in this practice, but it also proved that at least one Android version does as well.
According to a new report from The Wall Street Journal, at least 11 popular iOS apps are sending private user data to Facebook — regardless of whether the user has connected their Facebook account or even has a Facebook account in the first place.
Some of the apps carry personal data, including health data which most would consider incredibly sensitive.
The Wall Street Journal’s research implicates 11 apps, all on Apple’s iOS platform. However, at least one of the apps has an Android version that The WSJ also confirmed is engaging in the secret practice.
According to the report, users are not notified in any apparent way that the apps allegedly share data with Facebook. Since there is no notification, there is also no way for the user to opt-out of the data sharing.
Here are four of the 11 iOS apps implicated in the report:
- Instant Heart Rate: HR Monitor
- Flo Health Inc.’s Flo Period & Ovulation Tracker
- Real-estate app Realtor.com, owned by Move Inc.
- Meditation app Breethe
The Wall Street Journal declined to list out six of the other implicated apps.
Additionally, The WSJ confirmed that one app — BetterMe: Weight Loss Workouts — allegedly shares data with Facebook from both its iOS and Android versions. The report only confirms iOS versions of the other 10 apps engage in the practice.
Facebook, in response to the report, claims that some or all of the apps in question could be sending the company data that it doesn’t need or request. In other words, it could be that the apps are sending the data even though they don’t need to, which could possibly violate Facebook’s own data policies.
Facebook claims at least some of the apps are sending user data that Facebook doesn't need, which might violate Facebook's own policies.
A possible explanation for this is that the apps are using Facebook tools to examine their own users’ data. In that case, Facebook is getting the data but not specifically doing anything with it for itself.
Several of the app developers involved in this scandal responded to The WSJ and agreed to remove the data collection policies. However, some did not respond.
In the case of the Instant Heart Rate: HR Monitor app, users’ heart rates were immediately sent to Facebook seconds after registering. The Flo Period & Ovulation Tracker app sent Facebook detailed information about its users’ menstruation data.
In some cases, this data was anonymized, but not all. Some data was easily connected to a specific user through ad tracker IDs.
As of today, Apple and Google don’t require apps to disclose all the partners with whom data is shared.