
How Facebook Tracks You on Android (2018) [video] - k0t0n0
https://media.ccc.de/v/35c3-9941-how_facebook_tracks_you_on_android
======
saagarjha
Previous discussion:
[https://news.ycombinator.com/item?id=18788658](https://news.ycombinator.com/item?id=18788658)

~~~
dang
Missed that one. Thanks!

------
blackbear_
Completely anecdotal: I have no facebook apps or social media on my android
except for whatsapp, and I never use anything else from them. I see between
400 and 500 calls to graph.facebook.com _every day_

~~~
stiray
Install NetGuard
[https://github.com/M66B/NetGuard](https://github.com/M66B/NetGuard) (no root
needed) and block them.

I am also using XPrivacy Lua (you need rooted phone)
[https://github.com/M66B/XPrivacyLua](https://github.com/M66B/XPrivacyLua) to
give applications fake details like android id, gps coordinates, contacts etc.

For a nice addition, uninstall all google software and use microg instead.

~~~
prophesi
NetGuard looks nice. I do think their reason for not having an F-Droid release
is unsatisfactory, though.

[https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-
con...](https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-
faq15)

That same logic applies to the Play Store, as it's up to the whims of Google
if they roll out your update.

~~~
stiray
He probably pulled out classic "its for security reason" PR stunt. :D

Anyway, the guy is legend since its XPrivacy hit android...

------
eden_h
It would be helpful to be more upfront in the video about why Facebook is
tracking this, because it _looks_ like it's Facebook Analytics for Apps -
([https://analytics.facebook.com/get-
started/Apps#fq](https://analytics.facebook.com/get-started/Apps#fq)), which
puts this on par with Google Analytics for Apps -
([https://developers.google.com/analytics/solutions/mobile](https://developers.google.com/analytics/solutions/mobile))
in terms of problematic behaviour.

So it is unclear if this is data that is provided to Facebook servers but not
accessible to Facebook, similar to options for Google's Analytics platforms,
or if it is harvested by Facebook by permission of the app creator. Both
options being shady, as it's not told to the user, but this video feels more
like it's saying Facebook is actively tracking people, not App Designers are
giving Facebook permission to track you in exchange for marketing analytics.

The data that is being provided is significantly too high, and the user should
be made aware, but this video seems to only discuss it being API calls to the
Analytics interface when using the app. I'd definitely expect there to be API
calls when using an app, but how User ID tracking is done is probably the most
potentially dangerous part here.

~~~
mfer
Does Facebook Analytics for Apps segment the data from that of Facebook or
combine it? Is there any policy even stated that says it's not used for other
things. I would suspect, but have not looked, that all the data is combined
together and used for selling ads and in other ways.

If that is the case, an app that is using it to get analytics for themselves
is also sending lots of data to Facebook to be used for their other purposes.

Is this information transparent to anyone? This can lead to the tracking
failing GDPR or other laws.

Now, if it was only analytics for apps for the benefit of the app owner and
not shared... things might be different legally speaking.

Of course IANAL and they may have much more to say.

------
solounavez
At the 7:00 minute mark, they show that the company has false or misleading
advertising, can that company be sued for this?

------
mcintyre1994
It's pretty amazing that Facebook got such a foothold here that all these high
profile apps use their SDK. Are they just using it for log-in? Are their
mobile ads better than Google's for developers? I assume that Google provide
all the same tools for their own ads, analytics etc. and presumably similar
tracking by Google is already baked in and unavoidable.

~~~
dep_b
Login is a big thing but if I can get away with it, I'll simply use a web view
Facebook authentication instead. Adding all that framework weight for
something the average user only uses once and will be a jarring experience
from the rest of the app no matter what you do is not worth it to me.

------
ttctciyf
As mentioned in the video, but not afaics in the description, the page from
the presenters at
[https://privacyinternational.org/appdata](https://privacyinternational.org/appdata)
has the testing environment if you want to extend or replicate these results,
as well as the report itself and its documentation, along with a March 2019
update.[1]

1: [https://privacyinternational.org/blog/2758/guess-what-
facebo...](https://privacyinternational.org/blog/2758/guess-what-facebook-
still-tracks-you-android-apps-even-if-you-dont-have-facebook-account)

------
BenGosub
How hypocritical it is to both boast that you are privacy focused, while
blatantly invading users privacy at the same time!? I think their days are
numbered, but hopefully we get rid of them sooner than later.

------
blindseer
This is tangential, but I really dislike how this YouTube channel always
downloads the original video, strips it of all information regarding the
speaker and the conference and uploads it to their channel. Even though the
original is published under Creative Commons Attribution, it still bothers me
that they 1) download and reupload (wouldn't this be better accomplished by a
playlist?) 2) strip information that makes it appear they produce the content.
I'm curious what other people think about this.

Anyway, here is the source [1] from their video description.

[1]
[https://www.youtube.com/watch?v=y0vlD7r-kTc](https://www.youtube.com/watch?v=y0vlD7r-kTc)

~~~
dang
OK, we've changed to that from
[https://www.youtube.com/watch?v=OTt1AVRQyx0](https://www.youtube.com/watch?v=OTt1AVRQyx0).

~~~
saagarjha
Can we link to the CCC page instead? It has the video along with additional
resources:
[https://media.ccc.de/v/35c3-9941-how_facebook_tracks_you_on_...](https://media.ccc.de/v/35c3-9941-how_facebook_tracks_you_on_android)

~~~
dang
Sure. Changed from
[https://www.youtube.com/watch?v=y0vlD7r-kTc](https://www.youtube.com/watch?v=y0vlD7r-kTc).

------
kekebo
Original full length video from 35C3:
[https://www.youtube.com/watch?v=y0vlD7r-kTc](https://www.youtube.com/watch?v=y0vlD7r-kTc)
[How Facebook Tracks You On Android]

