Video conferencing app Zoom updated its iOS app last week after a Motherboard investigation of the app showed that it was sending user data — such as user’s device, time zone, city and an “unique advertiser identity” — to Facebook. This happened even if Zoom users didn’t have a Facebook account. Zoom’s privacy policy did not did not chalk out the extent of this data sharing, Motherboard found. Following the latest update, Motherboard said that the app was no longer sending data to Facebook upon opening.

Following Motherboard’s investigation, Zoom said that it had implemented the “Login with Facebook” feature using the Facebook SDK (software development kit) for iOS. It claimed that it was “made aware” on March 25, that the Facebook SDK “was collecting device information unnecessary for us to provide our services”.

Zoom’s claims no personal information shared: Zoom said that the information collected by the Facebook SDK did not include personal information and activities related to meetings such as attendees, names, notes, etc., but included information about devices such as the mobile OS type and version, the device time zone, device OS, device model and carrier, screen size, processor cores, and disk space. With the latest update, Zoom claims to have done away with the Facebook SDK in its iOS app.

What Zoom didn’t clarify: Zoom did not clarify why its iOS app was sharing so much data with Facebook in the first place, and why the extent of this data sharing was not made clear in its privacy policy.

Zoom’s privacy issues: Yesterday, New York’s Attorney General Letitia James sent a letter to Zoom questioning its data privacy and security practices, the New York Times reported. She noted, among other things, that Zoom had been slow to address vulnerabilities “that could enable malicious third parties to, among other things, gain surreptitious access to consumer webcams [zoombombing].” She also questioned the categories of data that Zoom collects, and the entities with which it shares user data.

  • Zoom allows activity tracking, access to recorded calls: Apart from the phenomenon of zoombombing — where public Zoom calls have been invaded by uninvited guests — Zoom has other potential privacy issues as well. Advocacy group, Electronic Frontier Foundation had earlier pointed out that the host of Zoom calls can monitor activities of attendees while screen sharing. If a user records any calls via Zoom, administrators can access the contents of that recorded call, including video, audio, transcript, and chat files, among other things. It also allows administrators to see the operating system, IP address, location data, and device information of each participant.
  • Attention tracking feature: Zoom also has an “Attention tracking” feature that allows hosts to know when a participant does not have the Zoom window in focus during screen sharing.