Since these findings, Zoom appears to have updated its iOS app to make sure certain data are no longer sent to Favebook.
According to Motherboard, this meant that the Zoom app told Facebook when you'd opened the app, sent device model information, time zone and city, phone operator and a unique advertisier identifier that in turn it could use to send you targeted ads.
"I think users can ultimately decide how they feel about Zoom and other apps sending beacons to Facebook, even if there is no direct evidence of sensitive data being shared in current versions," said Will Strafach, an iOS researcher and founder of privacy-focused iOS app Guardian.
Facebook’s SDK policy says apps that use them must notify the user of potential data sharing, something Zoom was not doing when the discovery was made.
In another Motherboard report two days after the original findings, the publication said Zoom had updated the app.
“… [W]e were recently made aware that the Facebook SDK was collecting unnecessary device data," Zoom told Motherboard. “The data collected by the Facebook SDK did not include any personal user information, but rather included data about users’ devices such as the mobile OS type and version, the device time zone, device OS, device model and carrier, screen size, processor cores, and disk space”.
The statement went on to clarify: "We will be removing the Facebook SDK and reconfiguring the feature so that users will still be able to login with Facebook via their browser. Users will need to update to the latest version of our application once it becomes available in order for these changes to take hold, and we encourage them to do so. We sincerely apologize for this oversight, and remain firmly committed to the protection of our users’ data”.
It's good to see Zoom act on something it claims it wasn’t aware of, though it could be a PR move to claim innocence. It's use has sky rocketed since millions more people are working from home and want to use a video calling service on laptop and mobile.