I had a few - all of them from my Android apps and via Facebook business tools i.e. the vendors are actively pushing my data to Facebook. One utility app that I'm not surprised about, one that I'm a bit more surprised about but the interesting bit was G-Shock Connect (for the watch).
I installed their app once, figured it doesn't properly do the only thing I needed it for (show battery charge level), and I went to uninstall it. How did it find itself on Facebook?
The app wasn't given any permissions and I did not enter any personal information. The TOS did require giving consent to sending app and watch usage data but I didn't tick allowing that for marketing purposes nor was personal information mentioned, just identification data from the phone itself, operating system etc.
The app must have obtained my phone number or email from the phone's personal data. Apparently that's possible even if I declined all explicit permissions. They might be able to find my Google email by using Android's AccountManager apis. Phone number might be possible but slightly tricky and I think I disconnected my phone number from Facebook way before installing their app.
Interesting stuff - looks like everything should run in an anonymous container by default on phones, too. I hope we'll get there soon. Still, a lot of this is based on trust rather than technical countermeasures. Will you trust the vendor or not?
I installed their app once, figured it doesn't properly do the only thing I needed it for (show battery charge level), and I went to uninstall it. How did it find itself on Facebook?
The app wasn't given any permissions and I did not enter any personal information. The TOS did require giving consent to sending app and watch usage data but I didn't tick allowing that for marketing purposes nor was personal information mentioned, just identification data from the phone itself, operating system etc.
The app must have obtained my phone number or email from the phone's personal data. Apparently that's possible even if I declined all explicit permissions. They might be able to find my Google email by using Android's AccountManager apis. Phone number might be possible but slightly tricky and I think I disconnected my phone number from Facebook way before installing their app.
Interesting stuff - looks like everything should run in an anonymous container by default on phones, too. I hope we'll get there soon. Still, a lot of this is based on trust rather than technical countermeasures. Will you trust the vendor or not?