Zoom’s video calling service has been available for a while now but the unprecedented number of people working from home during the coronavirus pandemic has skyrocketed the app’s popularity.

However, research conducted by Vice’s tech branch, Motherboard, has revealed that Zoom’s iOS app has been secretly sharing analytical data with Facebook, even if the user doesn’t have an account on the social media platform.

The data being shared includes time the app is launched, device and location information, phone carrier, and analytical data that can be used to create targeted ads.

Too much information

The reason Zoom is able to share user data with Facebook, even if there’s no linked social media account, is because the video calling app uses Facebook’s software development kits (SDKs). So, when Zoom is downloaded and launched, it immediately connects to the Facebook Graph API.

This is not a new practice: developers have long used Facebook SDKs to add features to their apps, although Facebook’s terms of use require app makers to inform users of these data sharing practices.

While Zoom’s privacy policy mentions that the app may collect data related to a user’s Facebook profile which may then be shared with third parties – although Facebook is not explicitly mentioned as a third party – there’s no clear indication it will be doing the same for users who do not have a Facebook account.

Not the first time

Zoom does have a history of privacy issues. In 2019, a security researcher unearthed a bug that allowed webcams of Zoom users to be hacked without their knowledge, although the company has said that the issue has been resolved.

Other recent news related to video chat security involves a man exposing himself in front of children on a video call after he was able to “guess” the link to the call. While this was not on a Zoom call (instead on an app called Whereby), TechCrunch reported last year that it was possible to hijack a Zoom meeting by “cycling through different permutations of meeting IDs in bulk”. This was possible as the meetings weren’t protected by a passcode.

The Electronic Frontier Foundation (EFF) recently explained how a host on a Zoom call can monitor the activities of participants while screen-sharing. If users record the video call, then Zoom administrators are able to “access the contents of that recorded call, including video, audio, transcript, and chat files, as well as access to sharing, analytics, and cloud management privileges”.

While the old security issues have since been resolved by Zoom, this new discovery highlights how simple technological solutions can sometimes come at the cost of privacy.