- // Update 1 (30/03/2020 10:29 am) Zoom has updated its iOS app to remove Facebook code
With the entire world reeling from the rapid spread of the Coronavirus pandemic, a lot of people (students, teachers, groups of friends) have turned to video conferencing options like Zoom to stay in touch, or to continue their education while maintaining social distance. In fact, Zoom has exploded in popularity since the Coronavirus pandemic started spreading through the world.
However, a new report from Motherboard claims that the iOS app for Zoom is sending data to Facebook without the user’s knowledge. What’s worse, is that this data is being sent even if the user in question doesn’t even have a Facebook account.
Motherboard’s analysis suggests that Zoom connects to Facebook’s Graph API and thereafter lets Facebook know when a user opens the app, the details about the device they are using, and even information like the city they’re based in, their carrier, and a unique advertisement identifier for ad targeting.
Zoom also mentions that the service will collect Facebook data if a user logs-in with Facebook or creates a Zoom account using Facebook. But again, it doesn’t mention that even if a user doesn’t have a Facebook account, the app still collects and sends data to Facebook anyway.
This isn’t the only potential privacy issue with Zoom. According to the EFF, Zoom call hosts can see whether participants have the Zoom window open or not, they can also see participants’ IP addresses, location data, and device information.
Update 1 (30/03/2020 10:29 am)
After the investigation and report from Motherboard, Zoom has rolled out a new update to its iOS app which removes the code that was sending data to Facebook.
In a statement given to Motherboard, Zoom said “Zoom takes its users’ privacy extremely seriously. We originally implemented the ‘Login with Facebook’ feature using the Facebook SDK in order to provide our users with another convenient way to access our platform. However, we were recently made aware that the Facebook SDK was collecting unnecessary device data.”