The Times story reports Facebook holds “data-sharing partnerships” with more than 60 device makers. The Facebook integration allowed device makers to offer users features such as messaging, “like” buttons and address books, reports NYT.
Furthermore, reportedly some manufacturers could retrieve a user’s friends’ data, even if they believe they opted to not share their information with outsiders. The partnerships give some device makers access to Facebook users’ education history, relationship status, work, religion, political leaning and upcoming events, the Times reported. Facebook started phasing out the program in April, but it’s still in effect for numerous partners.
BlackBerry responded to the Times reports, saying it does “not collect or mine the Facebook data of [its] customers”.
Among other controls, Archibong insists that Facebook made partners sign agreements that prevented user information from being exploited.
Facebook goes on to claim that given the sensitive nature of the data being shared, Facebook “tightly controlled” the APIs and made partners sign “agreements that prevented people’s Facebook information from being used for any other goal than to recreate Facebook-like experiences”.
Michelle De Mooy, director of the Center for Democracy and Technology’s Privacy and Data Project, told Threatpost that the incident once again undermines trust in the data ecosystem and highlights the misalignment between Facebook’s understanding of reasonable data-sharing and its users’ understanding.
It said information such as photos was only accessible on devices if users had chosen to share the data with those friends. “To bridge this gap, we built a set of device-integrated APIs that allowed companies to recreate Facebook-like experiences for their individual devices or operating systems”, Archibong added.
Privacy advocates always thought this was a bad idea, and in 2015 Facebook (fb) changed its policies to cut off this access-the Cambridge Analytica data-scraping took place in 2014.
“What we have been trying to determine is whether Facebook has knowingly handed over user data elsewhere without explicit consent”, Elisabeth Winkelmeier-Becker, one of the German lawmakers who questioned Facebook in April, told the paper.
Apple said it has stopped using the APIs and that it used them to allow users to post pictures and other information without having to open the Facebook app. Plus, these application programming interfaces, or APIs, are no longer as necessary today and thus “we’re winding down access to them”.
According to Archibong, 22 of the partnerships have already ended. “But the problem is that as more and more data is collected on the device – and if it can be accessed by apps on the device – it creates serious privacy and security risks”, Egelman explained. They continued to share data with device OEMs even when third-party data sharing was disabled, though still has noted that users could consent (or not) to share their data.
MKM Partners analyst Rob Sanderson says the GDPR may actually be helping internet advertising giants Facebook and Alphabet (GOOG, GOOGL) gain even more of an edge over the competition.