As millions of people switch to working from home due to the global coronavirus pandemic, video conferencing software like Zoom has become suddenly indispensable and far more widely-used than before. However, concerns have been raised and the security of some conferencing tools and the implications they could have for users’ privacy.
An investigation by Motherboard last week revealed that Zoom’s iOS app was sending some data about users to Facebook, which was not made clear in the app’s privacy policy. This happened even if Zoom users did not have a Facebook account. Zoom would connect to Facebook’s Graph API and share information such as the device model being used, the location a user was connecting from, and advertising identification data.
After the investigation was published and a torrent of bad publicity was unleashed, Zoom has hurried to update its iOS app and to stop it from sending data to Facebook. “Zoom takes its users’ privacy extremely seriously,” Zoom founder and CEO Eric Yuan wrote in a blog post. “We originally implemented the ‘Login with Facebook’ feature using the Facebook SDK for iOS (Software Development Kit) in order to provide our users with another convenient way to access our platform. However, we were made aware on Wednesday, March 25, 2020, that the Facebook SDK was collecting device information unnecessary for us to provide our services.
“Our customers’ privacy is incredibly important to us, and therefore we decided to remove the Facebook SDK in our iOS client and have reconfigured the feature so that users will still be able to log in with Facebook via their browser.”
Users need to update the app to the latest version, made available on March 27, to remove the code that sent data to Facebook. Although Zoom emphasized that the data sent to Facebook did not include names, meeting attendees, or notes, it did acknowledge that it included a considerable amount of information about users’ devices, carriers, applications, and IP addresses.
“We sincerely apologize for the concern this has caused, and remain firmly committed to the protection of our users’ privacy,” Zoom’s blog post concluded. “We are reviewing our process and protocols for implementing these features in the future to ensure this does not happen again.”