Some Android Apps Using Facebook’s SDK Transmitted Sensitive User Data to Facebook (buzzfeednews.com)

Charlie Warzel, BuzzFeed:

Major Android apps like Tinder, Grindr and Pregnancy+ are quietly transmitting sensitive user data to Facebook, according to a new report by the German mobile security initiative Mobilsicher. This information can include things like religious affiliation, dating profiles, and healthcare data. It’s being purposefully collected by Facebook through the Software Developer Kit (SDK) that it provides to third-party app developers. And while Facebook doesn’t hide this, you probably don’t know about it.

[…]

As long as you’ve logged into Facebook on your mobile device at some point (through your phone’s browser or the Facebook app itself), the company cross-references the Advertising ID and can link the third-party app information to your profile. And even if you don’t have a Facebook profile, the data can still be transmitted and collected with other third-party app data that corresponds to your unique Advertising ID.

[…]

A Facebook representative clarified to BuzzFeed News that while it enables users to opt out of targeted ads from third parties, the controls apply to the usage of the data and not its collection. The company also said it does not use the third-party data it collects through the SDK to create profiles of non-Facebook users. Tinder, Grindr, and Google did not respond to requests for comment. Apple, which uses a similar ad identifier, was not able to comment at the time of publication.

The only reason this is allowed is that users don’t know it’s happening. Very few people would actually approve of Facebook doing this if it were spelled out in plain-language terms.

Developers, for their part, should not be using SDKs that connect to Facebook — or, for that matter, other surveillance companies such as Google. That can be difficult; these companies have either created or purchased some of the most critical and widely used components in many a developer’s toolchain. It is imperative that non-surveillance alternatives be developed and promoted further.