Facebook's SDK allows developers to access Facebook Analytics and let their users log in with their Facebook credentials, and Facebook says in its policies that it can collect information through third-party apps that use its SDKs and APIs. Mobilsicher says at least some developers were under the impression that the information Facebook was collecting was anonymized, but even though users' names aren't attached to the data, the use of their Advertising IDs largely renders that a moot point. Mobilsicher says that as long as you've logged into Facebook on your mobile device at least once -- whether that be via a browser or through the Facebook app -- Facebook can link your Advertising ID to your profile.

The findings follow a recent New York Times report that detailed how extensively Facebook shared user data with companies like Apple, Netflix and Spotify, and it's sure to add to the privacy concerns that Facebook has repeatedly stoked over the past year. Facebook's many 2018 privacy infractions include the Cambridge Analytica scandal, a security bug that affected millions of users and a Photo API bug that gave third-party apps access to Facebook users' unposted photos. While maybe not as egregious as some of Facebook's other issues, Mobilsicher's findings highlight, yet again, just how little control users have over their information and what Facebook does with it.