Zoom has apparently been playing dirty with certain confidential information and accidentally posting data to Facebook on its iOS app, according to a new report by Motherboard. While the problematic code in its iOS app has apparently been updated by the company, Motherboard’s analysis reveals the app showed it was sending data to Facebook such as a user’s time zone and city, when a user opened the app, and details about the user’s device, even if the user didn’t have a Facebook account.
According to Zoom, the data collected did not include personal user information, but rather information about users’ devices. This didn’t mean the information was directly posted on people’s Facebook accounts but was nonetheless visible to the company. The company is encouraging users to update the iOS app to the latest version for the change to take effect, the company said.
It might seem like an innocent amount of information to leave behind, but still concerning that the information found its way online anyway. According to a blog post by Zoom CEO Eric S. Yuan who unpacked the timeline of the incident in more detail, Zoom implemented its “Login with Facebook” feature using Facebook’s software development kit (SDK) for iOS. On March 25th, the company was made aware “that the Facebook SDK was collecting device information unnecessary for us to provide our services,”:
We sincerely apologize for the concern this has caused and remain firmly committed to the protection of our users’ privacy. We are reviewing our process and protocols for implementing these features in the future to ensure this does not happen again.
Their s no doubt a bog failure in some of their protocols and security testing that resulted in this bug. Hopefully, the company can tighten these processes in future to ensure customers data can always remain secure. It’s not clear exactly how long the offending data was available on the internet for and if every iOS app user was affected or not. With Zoom usage growing rapidly at the moment, now is a critical opportunity for the company not to lose any consumer confidence people have with the software.
Last Updated: March 31, 2020