How apps on Android share data with Facebook...

At least 61 % of apps automatically transfer data to Facebook the moment people open the app, whether they have a Facebook account or not, or whether they are logged into Facebook or not.

@skynebula "We also found that some apps routinely send Facebook data that is incredibly detailed and sometimes sensitive. Again, this concerns data of people who are either logged out of Facebook or who do not have a Facebook account. ... "KAYAK", which sends detailed information about people’s flight searches to Facebook, including: departure city, departure airport, departure date, arrival city, arrival airport, arrival date, number of tickets (including number of children), class of ticket."

@June @skynebula So how do I identify these apps and stop this traffic?

@Zach @skynebula i presume the investigation effort included analyzing network traffic on a device that had a custom SSL certificate installed and trusted so they could look through the data packets destined for Facebook's URLs. I am not a security researcher and don't have any advice for you on mitigation strategies, though.

@Zach @skynebula @June Presumably you could block Facebook domains via /etc/hosts file? Not sure how that works on Android, but at least if you have root it should be possible.

Of course, the other option is to use open source apps from F-Droid.

@nutomic @Zach @skynebula @June

I don’t know if there’s an easy way to edit that file on an unrooted phone or if Android’s resolver honours it. And anyway, the app could bypass that. Much better to block it at the network level, but once again, I don’t know if there’s a way to do it without rooting the phone.

What I’d like to see is something like Docker for apps. Wrap all of the APIs to optionally mimic offline and empty.

@skynebula i would be interested to see whether this also happens on iOS.

i'm very disappointed in Clue in particular, they always seemed like a v trustworthy app to me.

@skynebula Bye bye

Is there are straightfoward way to just block facebook IPs from my phone?

@gdorn @gcupc @skynebula over installed DNS66, which seems to have set up a VPN? Anyway, it's broken the BBC weather app, which I think merits some investigation. They're not meant to run adverts or violate the GDPR as they're a public utility.


Also here:

Just lost where this was shared from, but, thank you. Looks like we will just have to go PureOS way eh! 😔

@skynebula good post but what in the world is surveillance capitalism?

@Jérémie Fontana @June @Marie-Cécile Paccard @Bob Mottram 🔧 ☕ ✅ Installing the app Noroot Firewall will be an eye opener, as this puts a filter you control between your network connection and any apps trying to use the network, e.g. I found the Norwegian railway app (NSB) connects to Amazon for infrastrucure, but also Facebook - no explanation from NSB for why this is so.
Sign in to participate in the conversation

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!