Users should only open the app for these services so that their information ends up in the hands of the social network
According to reports of cybersecurity experts from the International Institute of Cyber Security, various travel apps, such as TripAdvisor, Skyscanner or Yelp, have shared a large amount of personal information of their users (specifically Android users) with Facebook, regardless of whether customers had a Facebook account or whether it was linked to their accounts in these services.
Privacy International (PI), a UK-based non-profit organization, has reported on this incident: “An example of this is the Kayak app (used for travel search and price comparison). This app sends to Facebook detailed information about the searches that its users carry out, such as flight schedules, departure dates, airports or airlines.”
The NGO has carried out an analysis of the data that these applications have provided to the social network, identifying that much of this information is tied to the category of “personal data” of the European Union’s General Data Protection Regulation (GDPR). PI ensures that these data, albeit indirectly, may be useful for the identification of many of the users of these services.
“Advertisers try to link data about user behavior across different platforms. If all of these data from different sites are combined, you can set up a detailed user profile, including interests, routines, or online activity,” the PI report mentions.
Cybersecurity experts found that services such as TripAdvisor, Skyscanner, Kayak and Yelp sent to Facebook the users’ data at the time of starting the app. Among other data, PI mentions that apps send to Facebook information such as device configuration, location, language and time zone.
According to reports of cybersecurity specialists, both Skyscanner and TripAdvisor assured PI that they were unaware of this fact, thanking the NGO for alerting their teams about these drawbacks. Skyscanner published a statement mentioning that: “Since we received these reports we launched a priority update for our app, so it will stop sending information to Facebook. Also, we will begin an audit in our systems to make the necessary modifications to guarantee the respect to the privacy of our users”.
On the other hand, Facebook keeps generating scandals related to the users’ privacy. Last December, several media reported that the social network shared the private messages of its users with services such as Netflix, Spotify and even a Canadian bank. Also, cybersecurity researchers said that Facebook gave Microsoft, Sony, Amazon, among others, the ability to get the email addresses of their users’ contacts for a long time until 2017, in addition to granting manufacturers like Apple the ability to implement special features on their devices when connected to the Facebook platform.
Some companies consider the way in which Facebook collects information is too aggressive, so it damages the trust that users may have in travel services, purchases, etc.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.