Investigating Apps interactions with Facebook on Android

Privacy International has been investigating the proliferation of data tracking, brokerage and exchange between many tech companies, both as their primary business as well as value added services. 

Facebook routinely tracks users, non-users and logged-out users outside its platform through Facebook Business Tools. App developers share data with Facebook through the Facebook Software Development Kit (SDK), a set of software development tools that help developers build apps for a specific operating system. Using the free and open source software tool called "mitmproxy", an interactive HTTPS proxy, Privacy International has analyzed the data that a number of Android apps transmit to Facebook through the Facebook SDK.

Key findings
  • We found that at least 61 percent of apps we tested automatically transfer data to Facebook the moment a user opens the app. This happens whether people have a Facebook account or not, or whether they are logged into Facebook or not.
  • We also found that some apps routinely send Facebook data that is incredibly detailed and sometimes sensitive. Again, this concerns data of people who are either logged out of Facebook or who do not have a Facebook account.



The full report, including our legal analysis, our full methodology and company responses can be found here

A video presentation of the finding of this report can be found here, as presented at 35th Chaos Computer Congress (35C3)



Below is the accompanying documentation for the report, including the analysis of each app and the data transmitted to and from Facebook

The toolkit used to produce these analyses will be available shortly

The name can either be partial or full