Facebook has found itself in the grips of yet another scandal brewing around the globe, this time involving extremely personal information. It was revealed last week that the social media giant has been collecting vast amounts of personal data through about 11 popular health and fitness apps, without people’s knowledge.
The latest issue, which casts a grim light on Facebook’s respect for users’ consent and personal data, comes on the heels of a number of scandals over the past year – ranging from the furor over last year’s Cambridge Analytica data harvesting operation to a recent report by TechCrunch revealing that the company secretly paid users, including minors as young as 13, to install an app that would siphon network and web data from phones in direct violation of Apple’s developer terms.
The Wall Street Journal‘s new report reveals that Facebook has used several apps to collect deeply sensitive user data that goes far beyond phone habits or web history, and includes users’ weight, blood pressure, and even ovulation status. After testing 70 apps, WSJ found 11 apps that have been leaking data to Facebook, even in cases when the user is logged out of the social media platform or doesn’t have an account at all.
The fitness and health apps, which were equipped with Facebook-provided developer software, were primarily meant to determine ad placement. Apps included the highly popular period-tracking app Flo Period and Ovulation Tracker – which claims to have 25 million active users – which informed Facebook when users were menstruating or if users indicated that they were attempting to become pregnant.
A visualization of how Facebook gets sensitive information from Flo, an app that helps women track their ovulation, even when they don't log in via Facebook or have a Facebook profile. https://t.co/8nKly3brtE pic.twitter.com/SIOAnePSHc
— Hamza Shaban (@hshaban) February 22, 2019
The Journal’s testing also revealed that Instant Heart Rate: HR Monitor sent heart rate data to the company while home sales and rental search app Realtor informed Facebook of the listings viewed by users as well as the prices of homes and those marked as “favorites.”
Facebook is able to collect the data due to the built-in features of its Software Development Kit (SDK), the open source software tools that allow developers to create apps that integrate with the social platform for the purpose of ad targeting based on user data.
The Journal’s tests were repeated by online privacy tracker Disconnect, which confirmed the results.
The report provoked a furious response from New York Governor Andrew Cuomo, who directed the New York Department of State and Department of Financial Services to investigate Facebook. He also called on federal regulators to get involved in what he called an “outrageous abuse” and “invasion of consumer privacy” in a statement.
“New Yorkers deserve to know that their personal information is safe, and we must hold internet companies — no matter how big — responsible for upholding the law and protecting the information of smartphone users.”
I really wish that @apple would take the immediate step and kick off Instant Heart Rate: HR Monitor, Flo Health Inc.’s Flo Period & Ovulation Tracker, and the app for https://t.co/OZB4w4CiqQ with immediate effect until their apps are no longer plundering this data for Facebook.
— DHH (@dhh) February 22, 2019
Facebook has been mired in a bevy of lawsuits and inquiries around the globe over its violation of user privacy, which became an especially hot topic following the Cambridge Analytica scandal last year that saw the company allow third-party apps to construct “psychological profiles” of its users for the purpose of micro-targeted political campaigns.
But the latest revelation is unlikely to change the intrinsic nature of Facebook, a private corporation whose bread-and-butter consists of user data and targeted ads. To demand that Facebook abandons targeted ads – which yield a far higher profit than scattershot advertising that is blind to demographic groups or what’s relevant to users – would be tantamount to demanding that the company throw its investors and stockholders under the bus.
Simply put, Facebook’s financial interest – or greed – has been exposed as running counter to the public interest. Are any of us surprised that a business model based on the extraction of our personal information has resulted in the outright violation and abuse of our most sensitive secrets?