Update (30/03/2020): Over the weekend, Zoom said it had removed the code that sends data from the iOS app to Facebook. The company said in a statement that information sent to the social network didn’t include any meetings related activity:
We originally implemented the “Login with Facebook” feature using the Facebook SDK for iOS (Software Development Kit) in order to provide our users with another convenient way to access our platform. However, we were made aware on Wednesday, March 25, 2020, that the Facebook SDK was collecting device information unnecessary for us to provide our services. The information collected by the Facebook SDK did not include information and activities related to meetings such as attendees, names, notes, etc., but rather included information about devices such as the mobile OS type and version, the device time zone, device OS, device model and carrier, screen size, processor cores, and disk space.
Zoom’s video conferencing app has grown more popular than ever lately, while people are staying home to flatten the curve. But you should know that there’s a major privacy concern with the service.
Last night, Vice reported that Zoom‘s iOS app is nonconsensually sending data to Facebook — even if you don’t have a Facebook account.
Joseph Cox noted in his report for Vice that every time you open the app, it sends your data to Facebook including your device’s model, network provider, time zone, city, and a unique device identifier that advertisers can use to send you targeted ads.
Facebook’s policy about using its SDK (Software Development Kit) and tracking Pixels is quite clear: A website or app using it has to explicitly mention that your data is being shared with third-parties, including Facebook. Plus, it has to provide an option to opt-out of tracking. Zoom doesn’t address these points at all.
Last week, digital rights non-profit Electronic Frontier Foundation (EFF) pointed out some of the privacy risks in using Zoom’s products. The report said IT admins of your company can access a bunch of information about you during a meeting including your device information, IP address, and operating system. Plus, the app has an attention tracking feature, which is off by default, that allows hosts to check if a participant’s Zoom app window is active or not on their desktops.
It might be hard for you to avoid Zoom completely, especially if your colleagues or clients use the service. However, instead of using the app, you can join the meeting by opening the link in your browser (on mobile or desktop), and avoid the app’s intrusive features.