• by Gavin O'Malley , Staff Writer @mp_gavin, January 2, 2019

Could a battered and bruised Facebook end 2018 on a positive note?

Unfortunately for the tech titan and its supporters, the answer is no. Instead, Facebook and its partners are fielding new accusations of oversharing users’ personal information.

The latest charges come from Privacy International (PI), a privacy-focused charitable organization, which found a majority of Android apps transfer data to Facebook without users’ consent.

After examining 34 popular Android apps, PI found about 60% automatically transferred data to Facebook the moment users open the app. “This happens whether people have a Facebook account or not, or whether they are logged into Facebook or not,” PI notes in a new report.

In most cases, the data automatically transmitted first is “events data,” which communicates to Facebook its SDK has been initialized by transmitting data, such as “App installed” and "SDK Initialized."

“This data reveals the fact that a user is using a specific app, every single time that user opens an app,” according to PI.

In its analysis, PI determined apps that automatically transmit data to Facebook share this data together with a unique identifier, the Google advertising ID (AAID).

The primary purpose of advertising IDs, such as the Google advertising ID -- or Apple’s equivalent, the IDFA -- is to let advertisers link data about user behavior from different apps and Web browsing into a comprehensive profile.

“If combined, data from different apps can paint a fine-grained and intimate picture of people’s activities, interests, behaviors and routines,” PI notes. Some of this data can reveal special category data, including information about people’s health or religion, it adds.

PI also found some popular apps routinely send Facebook data the organization describes as “incredibly detailed” and “sometimes sensitive.”

Among other examples of this data, travel search and price comparison app Kayak reportedly sends information about consumers’ flight searches to Facebook, including departure city, departure airport, departure date, arrival city, arrival airport, arrival date, number of tickets and class of tickets.

Facebook has yet to publicly respond to Privacy International’s report. Yet, in an email sent to the organization on December 28, Facebook said it suspended sharing such sensitive information in June. 

“Prior to our introduction of the ‘delay’ option, developers had the ability to disable transmission of automatic event logging data, except for a signal that the SDK had been initialized,” Facebook explained in its correspondence with PI. “Following the June change to our SDK, we also removed the signal SDK was initialized for developers that disabled automatic event logging.”

The PI’s report follows a bombshell report in The New York Times that found Facebook had shared far more data with business partners than users were aware, including their personal messages.

Analysts have suggested Facebook’s ongoing privacy scandals are increasing the chances it will face government regulation. Along with “plateauing user-growth,” Facebook is threatened by “increasing regulatory pressure,” Lynx Equity Strategies analyst KC Rajkumar, cautioned in a recent note to investors.