How Facebook tracks you on Android (even if you don't have a Facebook account)

Another article on the issues linked to the Facebook SDK.

4 Likes

Hi @alexis,
can you assure us that Facebook’s SDKs are not present on the apps we download via Apps by /e/ ?

Second question: If those SDKs were present on the apps we download via Aurora Store or another app store, is there anything that /e/ does or could do in the future to prevent those SDKs from leaking information about us? Thanks.

Hi @dotcoma are you suggesting we modify the apps that are in the Apps Store. That will not happen. They will be as they are on the other standard application repositories. Even in future we do not plan to modify apps and share them on App Store. User have to decide if the app is to be installed or not .

1 Like

Hi @Manoj, I am:

  • technically illiterate
    and
  • on your side.

Therefore, I am not suggesting anything.

Judging by your answers, those SDKs are present in the apps by Apps by /e/.

So, my second question: is /e/ doing anything or planning to do anything in the future to make sure those SDKs do not leak info about us?

Thanks.

1 Like

Do not use these un-safe apps. That is the advise /e/ will give.
We are not going to tamper with apps which users request to be placed in the store. Not now not in the future.
We are doing our best to make the /e/ Os safe. The apps you install on top of it are your responsibility. So avoid unsafe apps.

OK, is there or will there be a list shortly of the apps that contain Facebook’s SDKs?

Right now not sure the team will have time to sit and document all requests. Alternately you can do some research on this and publish and help us all.

How am I, a normal end user, supposed to do research and document things?

I did not mean you specifically - any user who has the technical skill and time can do the research. It will be a big help to all.

1 Like

Hi @dotcoma, as @Manoj mentions, we don’t modify apps we publish, for many different reasons as it is neither our focus, nor our role in the ecosystem.

But we inform you and give you a chance to be in control with the privacy score in the /e/ app store and the list of trackers featured in apps.
As highlighted in this research from last year, the problem with the FB SDK was linked to the Facebook Login. So if you want to protect your privacy in your apps, you probably want to avoid apps with Facebook Log-in trackers or similar. And if you check the trackers list in your apps, it is likely you will see Facebook trackers in a lot of apps!

Regarding your question about blocking trackers, this is a different ball game and we plan to launch a solution to deal with that next year as highlighted by Gaël in his post here: /e/ Mobile OS Next Steps & A new roadmap for 2020

“In 2020 we are going to introduce new features that will let users know in real time how much data is leaking from installed apps, and how to block the corresponding trackers. It will also offer a synthetic summary of these activities over time.”

I hope this covers your questions.
Cheers.

3 Likes

Thanks. So, if an app has Facebook login, it contains their SDK and it’s best avoided.

Just as a general note, I think that any time a problem or a privacy violation is discovered, it would be great if the team from /e/ could tell us:

  • what /e/ is doing to protect us
  • what we can do to protect ourselves
  • what some of us (those with technical skills) can do to help you help us.

Thanks for all the work!

Hi, @dotcoma

One thing someone whitouth technical skills can do is use the App Store to be sure about the trackers.

If you check the article you’ll see a list of apps covered by the research; one of them is the Opera Browser.

Just search for it in the App Store and click on Trackers (half way down): you’ll see a list of trackers the app uses.

Check out this image from the Opera Browser:

Or you can go directly in the Exodus site (https://reports.exodus-privacy.eu.org/en/) and do your search. Just type the name of the app like Firefox, Spotify, Duckduckgo…

Hope I could help.

Hi, thanks for the suggestion, but I doubt the Exodus site is very useful for Android.

Instead, download ClassyShark on F-droid and check if your apps are clean or not.

Ok but ClassyShark uses Exodus list.

:slight_smile:

ClassyShark uses Exodus list.

It uses virus (tracker) signatures from Exodus; however, it actually scans apps on your device. This is better than showing a standard results list as Exodus website does.

It would make sense to me if the app is already installed. And I was thinking about people who wouldn’t even now how to use an app like ClassyShark.
The whole point is to gather as much information possible about an app before installing it.
If it’s not an absolutely needed app, I’ll only install it if I can be as sure as possible that it is safe.
Well, that’s the way I do things, maybe there are other aproaches.
Thanks for the information.

It is really challenging to avoid trackers. I use the exodus app from f-droid. It does a job for the android user but you have to be careful about the apps and websites you use as an end-user. I don’t think /e/ can stop ignorant users. Not saying you are ignorant @dotcoma but compare this to a car. The car manufacturer makes a safe car (usually) but a car driver can choose to drive in an unsafe way.

I think both Exodus and Classy Shark are useful. Exodus to help with determining if an app should be installed in the first place. Once it is on your phone your information has been taken, so Classy Shark is too late. However it is not unusual to have trackers suddenly appear on an updated app, so Classy Shark helps find these.