A new study carried out by Privacy International has discovered that almost 20 out of 34 popular Android apps are violating the EU privacy law by sending sensitive user data to Facebook without permission, Engadget is reporting. The transmitted info includes analytics data and is commonly sent at launch along with a user’s unique Android ID.
These apps, which include the likes of TripAdvisor, Kayak, MyFitnessPal, and Skyscanner, are violating the EU’s GDPR privacy rules by both collecting info without consent and potentially identifying users.
For example, the travel search app Kayak is reportedly sending destination and flight search data, travel dates, and whether or not the kids are coming along:
Facebook was sympathetic to Privacy International’s concerns in a response, stating that it was crucial for people to both know when an app send data and to “have control” over whether or not that data is linked to them. Future changes like Clear History will also help, Facebook said. The company also stressed to the Financial Times that developers could turn off automatic data gathering and could delay sending app analytics.
While most of the shared data might not immediately identify the user, it could theoretically be used to recognize someone through other means, such as the apps they have installed or whether they travel with the same person.