Zoom is a convenient app for video conferencing and a lot of people have used it too during these lockdown times in good measure. But it now turns out that the Zoom app is sending analytical data from its app to Facebook in the case of iOS users even though the users may not hold a Facebook account.
When you sign up for an app after downloading it, there are terms and conditions the app asks you to agree to, before you are permitted to use it. These are usually in fine print, and 99 out of 100 people would simply say Agree without reading them. Privacy policy is a key part of these terms. The app developer is expected to state clearly what will be done with the data collected. In the case of Zoom, its privacy policy says that the company may collect a user's Facebook profile information when you use Facebook to log in. But it does not mention anything about sending data to Facebook on users who do not even have a Facebook account. A researcher has now found that Zoom deploys certain software development kits (SDKs) of Facebook in its app. This creates a default situation of the user’s information being sent to Facebook without the user’s knowledge.
The researcher found that Zoom first alerts Facebook as soon as the user opens the app. In the next stage, Facebook gets to know which device the Zoom app is being used on and the carrier. It even notifies the user’s location and time zone. As if these were not enough, an advertiser identifier is also conveyed to Facebook.
The knowledge that the Zoom app has been doing this with the iOS users has come as a shock to many. Reacting to this development, Facebook claims that its understanding with the app developers who wish to use its SDK is that they must inform their users what kind of data is being collected and sent to Facebook.
There are other vulnerabilities too that have been noticed in the Zoom app.