Zoom's iOS app is sending off analytics data to Facebook without warning, even if users don't have a Facebook account.
The video conferencing app's popularity has exploded during the COVID-19 outbreak, becoming essentially an industry standard for video conferences and remote work meetings.
According to network traffic analysis carried out by Motherboard, Zoom for iOS is sending data to Facebook without making any mention of the practice in its privacy policy.
Upon being downloaded and installed, Zoom connects to the Facebook Graph API, a practice that is not entirely uncommon since many app makers use Facebook software development kits (SDKs) to implement features into their software.
As Motherboard points out, however, there's nothing in Zoom's privacy policy that makes it clear this type of data sharing is happening. Zoom notes that it may collect data related to a user's Facebook profile, but doesn't explicitly mention sharing data on users who don't have a Facebook account. The company says it does share data with third parties, but doesn't name Facebook specifically.
Among other things, Zoom notifies Facebook when the iOS app is opened, what device a user is using, what carrier they're on, and what city and time zone they're connecting from. The data also includes a unique advertiser tag, connected to a user's device, that companies use to target advertisements.
Facebook's terms actually require app makers to give their users "robust and sufficiently prominent notice" of data sharing practices. One section even indicates that apps need to specify Facebook by name.
Back in February, the Electronic Frontier Foundation (EFF) found that the Ring for Android app was sending a similar batch of data to analytics companies. While Ring eventually paused those data sharing practices, it hasn't been confirmed whether the company's iOS app did the same thing.
This isn't the first time that Zoom has had a privacy or security blunder. In 2019, a security researcher discovered a zero-day flaw that left users vulnerable to webcam hijacking without their knowledge.
The EFF also detailed some of the other privacy implications of Zoom, including the fact that call hosts can basically monitor the activities of call participants.
13 Comments
Time for the App Store to subject Zoom to an ad hoc review. I'm not holding my breath for Facebook to enforce its own policies.
I have removed ZOOM last year & also moved away from RingCentral - at present I am testing Avaya Spaces & Cisco WebEx - does anyone know if those share Analytics Data too & what other Multi-Platform Conferencing Tools there are?
Linked is an open source option: obsproject.com
Does this apply to Zoom’s desktop software? I have an upcoming Doctor’s appointment and it will be through Zoom.