After media reports on data protection problems with the video conference software Zoom, the manufacturer of the same name reacted with an update of the iOS app. This no longer secretly sends data to Facebook. The problem is due to the function "Login with Facebook" Zoom, which implemented Zoom using the Facebook SDK for iOS (Software Development Kit), explains Zoom in one blog entry.
"On March 25th, however, we were made aware that the Facebook SDK is collecting device information," writes Zoom. Zoom does not want to have known about this until then. Since the forwarding of device information for the provision of the zoom services is not necessary, Zoom has now removed it, writes the manufacturer of the video conference software.
Zoom emphasizes that "no information and activities related to meetings like participants, names, notes" had been collected. Rather, information about devices such as the model, the operating system, the screen size or the memory was transmitted. In addition, every time the app was opened and the device-specific advertising ID was sent to Facebook. If tracking services such as Facebook are integrated into several apps that a user uses, the data collected in each case can be merged using the advertising ID. In this way, zoom use can be combined with illnesses, travel behavior, dating and much more for one person, for example.
Other privacy issues
On the criticism of security researcher Mike Kuketz, who in a Brief analysis discovered several tracking services in the web version of Zoom, the manufacturer did not enter. Among other things, the email address of his test account was sent to Wootric. The U.S. Civil Rights Organization Electronic Frontier Foundation (EFF) criticized also several functions of the zoom service. For example, administrators or supervisors could track the attention of zoom users in a conference: They can be notified if the zoom window has not been in focus for 30 seconds, for example because another program such as a browser is being used. Administrators also see detailed information about the devices used and can join conferences without being asked.
Even worse was a security vulnerability last year that allowed attackers to access millions of Mac users' webcams. This was even possible if Zoom users had uninstalled the software because Zoom set up an undocumented, local web server on the Mac computers that remained on the Mac even after the Zoom application was uninstalled. If a user visited a prepared website, they could transfer these commands to the local server and add the user to a video conference without their consent – including the live stream of their webcam.