Video-conferencing app Zoom contains some shocking privacy issues
Zoom’s iOS app sent data to Facebook until recently
Vice reported that a recent analysis of the app has brought to light the fact that the Zoom iOS app was sharing data with Facebook. The interesting part is that the app sent information to the tech giant even for people that didn’t have Facebook accounts.
Previously, when you opened the app, it connected to Facebook’s application programming interface, which is usually the main method used by Facebook’s developers to get data in and out of the platform. Additionally, on the backend, Zoom was using Facebook’s software development kits (SDKs).
A new update fixed that issue
Zoom’s CEO, Eric S. Yuan, apologized in a blog post about the concern raised by the aforementioned situation. He stated that Zoom users’ privacy is extremely important to the company and that they have therefore decided to remove Facebook’s SDK from the iOS app. Additionally, he said that the information, sent to Facebook, did not include names, notes, attendees or any meeting-related information, but data about devices’ OS and some technical specifications.
'Company Directory' feature exposed hundreds of personal email addresses
Now, a new report by Motherboard draws our attention back to Zoom’s security and privacy. This time, it’s Zoom’s Company Directory feature, which allows users to have access to contacts with the same custom domain name, for example in a company environment when users share a domain. However, the company failed to realise that some custom domain names are used for personal accounts and people ended up with a lot of unknown email addresses added to their contact list.
@zoom_us I just had a look at the free for private use version of Zoom and registered with my private email. I now got 1000 names, email addresses and even pictures of people in the company Directory. Is this intentional? #GDPRpic.twitter.com/bw5xZIGtSE— Jeroen J.V Lebon (@JJVLebon) March 23, 2020
Zoom maintains a blacklist of domains to be excluded from the Company Directory feature
A Zoom spokesperson stated that the aforementioned Dutch ISP domains are now blacklisted and will no longer appear in the Company Directory feature. Additionally, users are able to submit a request for other custom domains to be removed from Zoom’s website.