Popular Zoom iOS Meeting App Shares Your Private Data With Facebook Without Permission
It should come as no surprise that video conferencing software is seeing a sudden uptick in usage—more people are telecommuting in order to social distance themselves amid the COVID-19 outbreak. Zoom is among the beneficiaries of the current situation, though not without controversy. New research indicates that Zoom's iOS app is sending analytical data to Facebook on the sly.
Apps sending information to Facebook is not the least bit uncommon. Many apps and services tie their offerings into Facebook, and it can be convenient for users who do not want to juggle yet another account. But when it comes to sharing analytical data, that sort of thing should be made clear to users, and require their consent.
According to Motherboard, that is not the case with Zoom and its iOS application. The site conducted an investigation and found that Zoom notifies Facebook when the user opens the app and provides various details, such as the device they are using, the user's city they are connecting from and the time zone they are in, and a unique advertiser identifier created by the device for targeted advertising.
The issue with all this is, according to the report, that Zoom is not upfront about its data collection practices and the subsequent transfer to Facebook. Zoom's privacy policy does not cover the extent of what of the iOS does in this regard. It does say the app may collect a user's "Facebook profile information (when you use Facebook to log-in to our Products or to create an account for our Products)," but does not mention sending data to Facebook for users who don't even have a Facebook account.
"I think users can ultimately decide how they feel about Zoom and other apps sending beacons to Facebook, even if there is no direct evidence of sensitive data being shared in current versions," Will Strafach, an iOS researcher and founder of iOS app Guardian, told Motherboard.
Zoom has also captured the attention of the Electronic Frontier Foundation, which points out that administrators can access the contents of recorded calls. This includes video, audio, transcripts, and chat files, along with access to sharing, analytics, and cloud management privileges.