UK-based Privacy International revealed on Sunday to the 35th Chaos Communication Congress a glimpse of the extent to which app developers are handing data to Facebook, even if the user is not a Facebook user.
In its report on the subject, based on testing 34 Android apps that have between 10 to 500 million users, the charity said it was “greatly concerned” with how user data is “exploited” in the back-end systems of Facebook and Google.
Privacy International found that 23 of the apps it tested sent data to Facebook — data which tells the social network that a user has opened or closed a specific app, along with information about the device, and language and time zone settings.
The apps also sent along the user’s Google advertising ID, which allows tracking companies to easily conduct profile matching.
Coming in for special treatment was the Kayak travel booking app, which passed data to Facebook with each search within the app: time of the search; departure and arrival city, airport, and date; and number and class of tickets.
Privacy International pointed out that this behaviour happened regardless of whether the user was logged out of Facebook, or was without an account on the social network.