The software, Zoom, has recently seen an increase in usage as more and more companies urge their employees to work from home due to the current pandemic. One of the issues, as explained by Mashable, has always been the app’s privacy. This includes the video conference app sending the user’s data to Facebook. Nevertheless, Zoom’s iOS app was updated to stop sending personal to Facebook. This was best seen when Zoom stated in a blog post that:
“We originally implemented the “Login with Facebook” feature using the Facebook SDK for iOS (Software Development Kit) in order to provide our users with another convenient way to access our platform. However, we were made aware on Wednesday, March 25, 2020, that the Facebook SDK was collecting device information unnecessary for us to provide our services.”
Zoom In On Motherboard
“The data collected by the Facebook SDK did not include any personal user information, but rather included data about users’ devices such as the mobile OS type and version, the device time zone, device OS, device model and carrier, screen size, processor cores, and disk space.”
Zoom does deem this data transfer as unnecessary. However, one cannot help but wonder the other ocassions in which some data might be regarded as necessary. Nevertheless, changes were made. According to the site, Motherboard downloaded the update and confirmed that it no longer sends data to Facebook.
The Zoom’s iOS app update has proven to be good news. However, the problem doesn’t stop there. It’s a fact that the Facebook SDK feature is quite common in iOS products. The problem worsens as, according to Threatpost, SDK has been proven to be misused for nefarious reasons. Another Threatpost article from last November states that SDKs have been known to be misused for the sake of scraping account info from social media sites, such as Facebook and Twitter.
This is where the real dilemma comes. The November article states that Facebook and Twitter are warning against SDKs. Mainly because, as seen with some of Motherboard’s findings, some SDKs are known “to harvest personal information.” So the question is: How did Facebook allow this? Despite the data transfer happening via the “Login Through Facebook” option, it doesn’t explain how devices’ information went to the social network company, even for non-users of the platform.
Not Their First Rodeo
This is not the first time Zoom has been under scrutiny. According to Techspot, last year the company was forced to offer solutions to prevent the hacking of Mac webcams. Another security researcher also discovered that the Zoom version for macOS could be used to highjack a computer’s webcam. Cal Jeffrey, a Contributing Writer for Techspot explained that the security breach was facilitated by a web server that Zoom installs on the device to make it easier for users “to join meetings with one click.” Just like a malicious entity can abuse SDKs features, they can also infiltrate webcams.
Hours after they refused to fix the problem, accounts went live and Zoom had no other choice but to address the security issue. They said in a statement:
“We appreciate the hard work of the security researcher in identifying security concerns on our platform. Initially, we did not see the web server or video-on posture as significant risks to our customers and, in fact, felt that these were essential to our seamless join process. But in hearing the outcry from some of our users and the security community in the past 24 hours, we have decided to make the updates to our service.”
With all of these security issues that Zoom seems prone to have, is it safe to say that Zoom will not have any other problems? The answer remains uncertain. Despite the need for the app now that many companies are working from home, there is a high chance that hackers aren’t stopping anytime soon on Zoom’s features.