Zoom’s Use of Facebook’s SDK in iOS Client
Zoom takes its users’ privacy extremely seriously. We would like to share a change that we have made regarding the use of Facebook’s SDK.
We originally implemented the “Login with Facebook” feature using the Facebook SDK for iOS (Software Development Kit) in order to provide our users with another convenient way to access our platform. However, we were made aware on Wednesday, March 25, 2020, that the Facebook SDK was collecting device information unnecessary for us to provide our services. The information collected by the Facebook SDK did not include information and activities related to meetings such as attendees, names, notes, etc., but rather included information about devices such as the mobile OS type and version, the device time zone, device OS, device model and carrier, screen size, processor cores, and disk space.
Our customers’ privacy is incredibly important to us, and therefore we decided to remove the Facebook SDK in our iOS client and have reconfigured the feature so that users will still be able to log in with Facebook via their browser. Users will need to update to the latest version of our application that’s already available at 2:30 p.m. Pacific time on Friday, March 27, 2020, in order for these changes to take hold, and we strongly encourage them to do so.
Example information sent by the SDK on installation and application open and close:
- Application Bundle Identifier
- Application Instance ID
- Application Version
- Device Carrier
- iOS Advertiser ID
- iOS Device CPU Cores
- iOS Device Disk Space Available
- iOS Device Disk Space Remaining
- iOS Device Display Dimensions
- iOS Device Model
- iOS Language
- iOS Timezone
- iOS Version
Because the transmission was done over the internet, IP address was utilized in the exchange, but was not part of the SDK payload.
We would like to thank Joseph Cox from Motherboard for bringing this to our attention here.
We sincerely apologize for the concern this has caused, and remain firmly committed to the protection of our users’ privacy. We are reviewing our process and protocols for implementing these features in the future to ensure this does not happen again.