X
Business

Another Facebook privacy scandal, this time involving its mobile analytics SDK

Don't be too quick to blame Facebook on this one. The company may not actually be so guilty this time.
Written by Catalin Cimpanu, Contributor

Facebook is yet again at the heart of a privacy scandal, but this time the social network may not be as guilty as some people might think.

In an explosive exposé published today, the Wall Street Journal revealed that 11 popular mobile apps are sending data to Facebook servers, data that for some apps contains sensitive information such as heartbeat rates, blood pressure, menstrual cycles, and even pregnancy statuses.

This data isn't collected by Facebook intentionally, but app developers use Facebook's mobile software development kit (SDK) to collect metrics and analytics of how users are engaging with their apps.

Collected data is sent to Facebook servers for storage in the form of "app events," which are data points specific to each app --which for some apps may include health-related information, depending on the profile of the app.

The WSJ report argues that Facebook secretly has access to this data under the terms of service of its SDK.

The Journal's report has drawn immediate criticism against Facebook and New York Governor Andrew Cuomo formally asked state officials to look into the social network's pontential user privacy violation.

However, things aren't as dramatic and one-sided as the WSJ reporters painted it in their exposé.

There is nothing special about the Facebook SDK. It's just another SDK like many other mobile analytics SDKs.

In the words of a former Facebook product manager, who aired his grievances against WSJ's report on Twitter, Facebook's analytics SDK is no different than Google Analytics.

In the way Google Analytics scripts embedded on billions of sites collect data on what pages users visit and what buttons and links they click, so does Facebook.

Just like Google, Facebook isn't forcing app developers into using the analytics SDK. There are many other mobile analytics SDKs on the market, and app developers are using Facebook's tool on their own free will.

If the developers of those 11 apps the Wall Street Journal would have used another mobile analytics SDK and would have sent pregnancy and menstrual data to "Analtics Company #23," nobody would have batted an eye. But everyone is now losing their minds just because it's big bad Facebook.

"Facebook dominates mobile ads spending like Google used to dominate desktop ads spending, so this is their long-term bid to provide one analytics platform for the mobile ecosystem," said Antonio García Martínez, the former Facebook product manager and current founder of advertising platform AdGrok.

"Facebook was in no way involved with the data collection, nor do they store the data in usable form (they're stored as bucketed 'events', so the developer can sort user actions, per whatever internal analytics philosophy they have)," Martínez said. "Facebook is basically a bean counter here."

Martínez argues that the WSJ report is just piggy-backing on the current fad of blaming Facebook for anything shady happening on its platform.

Sure, Facebook bears a lot of blame, such as the Cambridge Analytica and Onavo VPN scandalds, or it's fake news and social manipulation problems, but this ain't one.

Facebook isn't collecting data on pregnancies and menstrual cycles. App developers are. They're just happening to store it on Facebook's servers in this particular instance, but there are many other app developers who use other analytics SDKs and are storing that kind of data on the servers of other analytics providers. The problem isn't Facebook here, it's the analytics ecosystem, as a whole.

Facebook's worst privacy scandals and data disasters

Previous and related coverage

Editorial standards