After reports that the Zoom app on iOS was sending
details about the users’ devices to Facebook, even if they had no Facebook
account, the company announced that it removed the Facebook SDK from the
application.
The Facebook SDK sends telemetry back, usually about
devices it’s installed on, including hardware and operating system. While this
information might help Facebook determine the hardware the apps are being
installed on and the software ecosystems used, it’s at least strange to see the
SDK send back this data for users who have no Facebook account or didn’t choose
to use the Facebook login feature.
An investigation by Motherboard
revealed this fact about the Facebook SDK implemented into the web conferencing
app Zoom. It turns out that analytics was shared when users simply opened the
app. The information sent back included details about the time zone, the time
the app was opened, the default language, the iOS version, the IP address, the
mobile carrier, and hardware details about the device itself.
Zoom implemented the Facebook SDK to let users log in by
using their Facebook credentials, but after the investigation revealed that it
was doing more than that, the team decided to remove it entirely.
“We were made aware on Wednesday, March 25, 2020, that
the Facebook SDK was collecting device information unnecessary for us to
provide our services,” said Zoom in a blog post.
“The information collected by the Facebook SDK did not include information and
activities related to meetings such as attendees, names, notes, etc.”
“We decided to remove the Facebook SDK in our iOS client
and have reconfigured the feature so that users will still be able to log in
with Facebook via their browser.”
An update is now available for the Zoom app, and users
need to install it as soon as possible. It’s still possible to log in with Facebook
credentials, but new users will have to use the web version through the default
browser.