The iOS version of the Zoom video calling service is reportedly sending data to Facebook, even if the user does not own a Facebook account to begin with.
As COVID-19 upends the world, Zoom’s daily user base has shot up by 67 percent. With more workplaces and classrooms relying on this video-conferencing tool, its privacy vulnerabilities have become increasingly obvious and hard to ignore.
As it turns out, Zoom is actually a privacy nightmare. Motherboard is reporting today that the Zoom iOS app silently sends user data to Facebook even if the user does not have a Facebook account.
Zoom, like other apps, uses Facebook’s software development kits (SDK) to implement features quickly. In exchange, Facebook gains useful information about users. As Vice’s Motherboard explains, Zoom connects to Facebook’s Graph API, which is the way developers get data in or out of Facebook.
The Zoom app notifies Facebook when the user opens the app, details on the user’s device such as the model, the time zone and city they are connecting from, which phone carrier they are using, and a unique advertiser identifier created by the user’s device which companies can use to target a user with advertisements.
Given the ubiquity of app developers relying on Facebook’s software development kits (SDKs), it’s not uncommon for apps to share some degree of data with the platform. It’s basically a trade-off; developers rely on SDKs to make their apps more usable while Facebook extracts some information in the process. But in Zoom’s case, iOS users have yet to be made aware of this transaction.
Facebook told Motherboard that if companies are using their SDKs then they need to be transparent about the data collection and privacy. Facebook’s terms say: “If you use our pixels or SDKs, you further represent and warrant that you have provided robust and sufficiently prominent notice to users regarding the Customer Data collection, sharing and usage,” and specifically for apps, “that third parties, including Facebook, may collect or receive information from your app and other apps and use that information to provide measurement services and targeted ads.”
If Zoom does not plan to reduce or entirely eliminate this exchange with Facebook, it should make it abundantly clear to its iOS users that the app shares their information with the network. People can then make an informed decision based on their own individual threat models as to whether (or not) they want to continue using the app. Without basic knowledge of such a transfer, Zoom iOS users are essentially working in the dark.