Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

... so if the app including the SDK has permission to access location data, the SDK could be passing that location data to Facebook?


Not only could it do that, but it also totally does do that


Didn't they also use to home in information about surrounding bluetooth devices? When iOS 13 beta dropped, half of the apps suddenly asked for bluetooth permissions because Google/FB SDKs attempted to use it on app launch.


Not sure about Bluetooth devices, but the Facebook SDK definitely phones home with some system data and generates an unique identifier on first launch which is then included every further interaction the SDK has. Both of these enable fingerprinting and persistent tracking.


[flagged]


Why are people using the facebook sdk? What does it give them?


When we looked at it, we saw several reasons, all of which are dubious at best:

1. It is required for a "login with Facebook" feature, apparently. I'd presume this goes for other feautures that integrate with facebook, such as "invite from your friends" or "share on facebook(messenger)".

2. It gives access to metrics, when added to your own, greatly enrich your own data collection.

3. It is required when working with Facebook ads - though I would not know how this ties in with mobile apps: on web it is clearer (where you are required to host "the pixel" on your website in order to have ads on facebook link to that website.)

4. It is feature rich, so as a pure SDK, it offers neat utilities; though for each of these, there are better alternatives found in separate libs.


Extending point 2, it’s essential if you’re running ads on Facebook and want to know if clicks on the ad in Facebook bring the user through to the app - ie so you can be sure you got a real conversion


@harryf there’s a way to send ads attribution via server API, so no need to have client side FB SDK for that


I'm using it for realtime analytics (dashboard like mixpanel) also this brings authentication and other FB Integration


So yes the definition of “freedom” is “give the government more power over both app developers who voluntarily integrate the SDK and users who voluntarily download the app”.


> voluntarily

I don't remember apps listing the SDKs they use. As a humble user, how do I voluntarily choose whether to download an app or not based on their usage of Facebook's garbage?

Edit: You can't have it both ways. You can't remove a bunch of power and information from the user in the name of "safety" and "UX" and then claim that users are making a bunch of choices they can't possibly be informed about "voluntarily"


In that case, pass laws forcing disclosure and you still let the users decide.


Yes.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: