Privacy at risk with Zoom, the (updated) app for video calls. He sent data to Facebook without an account

The mandatory quarantine for everyone is putting a strain on internet networks that are having significant work overloads. And there are really many who have stayed at home to work in the last two weeks through the so-called ” agile work “, that is, the possibility of performing the same job done at home but precisely in the home. Many lately have needed to use applications or software capable of making stable group video calls and above all open to numerous participants.

In this context, Zoom Meeting in recent weeks has had great success for its stability of use but also for the possibility of having a practically unlimited number of accesses by participants, upon payment of the app.

Unfortunately, according to a Motherboard report, the application would have some important privacy issues. The update of the application has already arrived by removing the sharing with Facebook even if according to Zoom, it was the fault of the Social Network.

Zoom: the video calling app that shares data with Facebook

According to the report, Zoom would send sensitive information to Facebook, even without the user actually having an active account. The situation does not seem to be very transparent. The fact is that the sending of data takes place even without a concrete Facebook account of the user, and above all, this is not explained in the video call application policy.

What happens? Substantially the sending of data by Zoom takes place as soon as the application is launched, and it connects with Facebook’s Graph API, which is nothing but the component to which the developers must refer for the exchange of data with the social network. In this case, the information that is transmitted concerns the details on opening the application in the device used but also with the time zone and even the city, and the mobile operator used.

If this was not enough with the use of the Zoom application, a unique code associated with each user who uses the platform is also sent. This code is basically the user’s ” identity card ” which could then be used by Facebook or by others for personalized advertisements. Information to profile the user and which basically concern a file reported by the Electronic Frontier Foundation which Ring, the Amazon subsidiary, uses as well as other external services.

Looking at the policies of the company that created Zoom, it clearly reads the possibility that the same goes to collect data relating to users, which are then reused by ” external service providers and advertising partners ” such as Google Ads and Google Analytics.

There is no mention that a user who does not have a Facebook account may find himself sharing his data. And the Zoom application in the last few days is having a real boom in downloads on a global scale with a download of up to 2.41 million during the past 25 March against the 171 thousand in mid-February: an increase of 1,300%.

Zoom: the update fixes everything (maybe)

Zoom seems to have already remedied the situation by updating the iOS application. In this case, an application spokesperson said the company was unaware that the SDK was collecting unnecessary data. In short, it seems that the fault was Facebook and not Zoom.

“Zoom takes its users’ privacy very seriously. We originally implemented the ‘Log in with Facebook’ function using the Facebook SDK in order to provide our users with another quick way to access our platform.

We were recently informed that the Facebook SDK was collecting unnecessary data on the device. The data collected by the Facebook SDK did not include personal user information but included data on users’ devices, such as the type and version of the mobile operating system, the time zone of the device, the operating system, the model and the operator, screen size, processor cores, and disk space.

We will remove the Facebook SDK and reconfigure the function so that users are still able to log in with Facebook through their account. Users will need to update to the latest version of our application once it becomes available for these changes to take hold, and we encourage them to do so. We sincerely apologize for this oversight and remain firmly committed to protecting our user’s data. ”