Zoom’s iOS app is sending your data to Facebook, because privacy is a myth (Updated)

Zoom iOS App

Update (30/03/2020): Over the weekend, Zoom said it had removed the code that sends data from the iOS app to Facebook. The company said in a statement that information sent to the social network didn’t include any meetings related activity:

We originally implemented the “Login with Facebook” feature using the Facebook SDK for iOS (Software Development Kit) in order to provide our users with another convenient way to access our platform. However, we were made aware on Wednesday, March 25, 2020, that the Facebook SDK was collecting device information unnecessary for us to provide our services. The information collected by the Facebook SDK did not include information and activities related to meetings such as attendees, names, notes, etc., but rather included information about devices such as the mobile OS type and version, the device time zone, device OS, device model and carrier, screen size, processor cores, and disk space.  

Zoom’s video conferencing app has grown more popular than ever lately, while people are staying home to flatten the curve. But you should know that there’s a major privacy concern with the service.

Last night, Vice reported that Zoom‘s iOS app is nonconsensually sending data to Facebook — even if you don’t have a Facebook account.

What’s more shocking is that the company’s privacy policy makes no mention of it. Plus, the app doesn’t make it clear anywhere that it’s sending your data to the social network.

[Read: Chinese security guards use smart glasses to find people with coronavirus]

Joseph Cox noted in his report for Vice that every time you open the app, it sends your data to Facebook including your device’s model, network provider, time zone, city, and a unique device identifier that advertisers can use to send you targeted ads.

Facebook’s policy about using its SDK (Software Development Kit) and tracking Pixels is quite clear: A website or app using it has to explicitly mention that your data is being shared with third-parties, including Facebook. Plus, it has to provide an option to opt-out of tracking. Zoom doesn’t address these points at all.

Last week, digital rights non-profit Electronic Frontier Foundation (EFF) pointed out some of the privacy risks in using Zoom’s products. The report said IT admins of your company can access a bunch of information about you during a meeting including your device information, IP address, and operating system. Plus, the app has an attention tracking feature, which is off by default, that allows hosts to check if a participant’s Zoom app window is active or not on their desktops.

It might be hard for you to avoid Zoom completely, especially if your colleagues or clients use the service. However, instead of using the app, you can join the meeting by opening the link in your browser (on mobile or desktop), and avoid the app’s intrusive features.

A developer named Arkadiy Tetelman has also built a handy Chrome extension that will redirect you to the web version of the meeting.
With a rapidly growing user base, it’s imperative that Zoom at least includes disclaimers in its app and terms of use. We’ve contacted the company to learn more and will update this post if there’s a response.

Read next: How I grew my third startup faster than ever before