Zoom Removes Feature Sending Data to Facebook

Outsourcing Data: Don't Take a Fairytale Approach

March 31, 2020

Zoom has removed its “Login with Facebook” feature using the Facebook SDK for iOS as the Facebook SDK was collecting device information unnecessary for Zoom to provide its services.

In a recent blog, Zoom said they originally implemented the “Login with Facebook” feature using the Facebook SDK for iOS (Software Development Kit) in order to provide their users with another convenient way to access the platform. However, they were made aware on Wednesday, March 25, 2020, that the Facebook SDK was collecting unnecesary device information.

The information collected by the Facebook SDK did not include information and activities related to meetings such as attendees, names, notes, etc., but rather included information about devices, such as the mobile OS type and version, the device time zone, device OS, device model and carrier, screen size, processor cores, and disk space, Zoom said.

"Our customers’ privacy is incredibly important to us," noted Zoom. Therefore, Zoom decided to remove the Facebook SDK in the iOS client and have reconfigured the feature, so that users will still be able to log in with Facebook via their browser. In addition, Zoom thanked Joseph Cox from Motherboard for alerting Zoom to this privacy concern.

Security magazine spoke to Terence Jackson, Chief Information Security Officer at Thycotic, who says, “Zoom’s privacy policy stated that the company might collect a user's Facebook profile information when Facebook is used to log-in, however, it didn’t mention sending data to Facebook. Users have to be diligent when using the “Log in using” feature."

Unless it is your company's approved identity provider, "I recommend that you create a new account and use a password manager to generate a strong password. This should also be a reminder for users to at least skim the privacy policy to look for how your data will be used, stored, and transmitted before signing up,” Jackson says.

Chris Hazelton, Director of Security Solutions at Lookout, noted Lookout analyzed the latest version of Zoom and confirmed that they are still communicating with Facebook APIs in the current iOS version of the Zoom app. "We have analyzed more than 100 million apps, and allow organizations to analyze any mobile app to identify cybersecurity and privacy threats. Zoom did update their app with version 4.6.9, which was updated to three days ago for “Improvements to Facebook Login”. The app communicates with IPs in the US, China, India, and Germany. This is to leverage APIs from Alibaba, Box, Dropbox, Facebook, Google, Microsoft, RingCentral, WeChat and QQ."

Below are details from a Lookout App Analysis of the iOS Zoom app, generated on March 30, 2020, that verifies Zoom did update their app:

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 September

This month in Security magazine, we bring you our 2020 Most Influential People in Security annual report, where we highlight 22 industry leaders, their path to security, careers, goals and guidance for future security professionals. Industry experts discuss the evolution of ransomware, houses of worship security, cybersecurity standards, security careers in investigations and the unifying power of security. Diane Ritchey, past Editor-in-Chief, says goodbye and thank you to our readers.

View More Create Account

Zoom Removes Feature Sending Data to Facebook

Related Articles

Related Events

Report Abusive Comment