Zoom is selling its users’ conference data to Facebook

Although the laws of several countries have imposed increasingly severe measures against bad privacy and data protection practices, web application penetration testing experts mention that many companies continue to offer few guarantees to safeguard the information of its users.

A recently published report ensures that the iOS app of the Zoom video conferencing service shares its users’ data with Facebook, a practice that is not mentioned in the service’s privacy policies. Among the information shared with the social media giant are details such as: model of the device used, time zone, city, mobile phone operator, as well as a user identification key. Zoom sends this data regardless of whether the user has a Facebook account or not.

“When you download and open the Zoom app for iOS, you initiate a connection to the Facebook Graph API, which is the main way the social network gets data,” mentions the report prepared by Motherboard web application penetration testing specialists.

While the video conferencing platform mentions to its users that some data may be collected from their Facebook profile, at no time are they notified that this information will be sent to the social network. In addition, the researchers mention that it is common practice for applications to use the Facebook Software Development Kit (SDK): “Many applications use this SDK as a way to easily implement functions in their applications, which involves sharing your users’ data with Facebook.”

The problem is that this practice necessarily requires companies to notify their users, a requirement that Zoom completely ignored: “This practice is highly likely to go unnoticed by Zoom users,” web application penetration testing specialists mention. 

In this regard, Facebook only commented that one of its policies is to require developers to be completely transparent with their users about the amount of information the service could collect. On the other hand, Zoom has not issued a position regarding this finding.

The International Institute of Cyber Security (IICS) notes that, due to social estrangement measures suggested to the emergence by coronavirus/COVID-19, the popularity of services like Zoom is increasing considerably, although users do not seem to be really concerned about the security of their personal information.