Major Android apps such as search service Yelp and language learning platform Duolingo are still sending personal data, without user consent, to Facebook for ad tracking, despite the backlash the social media giant faced on charges of collecting data by bribing teenagers in India and the US. Two other Muslim prayer apps, a Bible app as well as a job search app called Indeed have also been accused of leaking similar data to Facebook for ad targeting purposes even when people are not logged in or do not have a Facebook account, suggests a report from London-based watchdog group, Privacy International (PI).
Apart from ad tracking, Facebook has been collecting sensitive user data such as contact logs, call histories, SMS data and real-time location data to improve other features on its platform like friend suggestions. Similarly, several iOS app-makers use a Facebook analytics tool known as "custom app events" to share sensitive health, fitness and financial data with the social network.
"PI says it's in contact with Duolingo and the company has agreed to suspend the practice, but it's not clear how many other apps in the Android or iOS ecosystem may be skirting Apple and Google's data-collection and user privacy policies to improve Facebook's ad targeting tools," The Verge reported.
The practices have outraged users and privacy advocates who acknowledge that Facebook is, indeed amassing far too much data about their personal lives and online and offline behaviours.
Facebook, however, claims that it places all responsibility on apps to ensure that the data sent to it has been collected lawfully. Last month, Facebook reportedly decided to put an end to its unpaid market research programmes.
The company was pulled up on Tuesday over its secure login process two-factor authentication (2FA) where it asked users to add phone numbers, which could be searched by advertisers. The practice drew criticism even from Facebook's former chief information security officer Alex Stamos.
However, the company is yet to comment on the PI report, The Verge added.
