8 votes

How Facebook tracks you on Android

8 comments

  1. [8]
    JakeTheDog
    Link
    Can someone give a layman's TL;DR?

    Can someone give a layman's TL;DR?

    1. [7]
      feigneddork
      Link Parent
      Sorry for the late reply. TL;DR Apps on Android that use the Facebook SDK are most likely sending data to Facebook without your consent. Bad apps are constantly sending data about the things you...

      Sorry for the late reply.

      TL;DR Apps on Android that use the Facebook SDK are most likely sending data to Facebook without your consent. Bad apps are constantly sending data about the things you are doing throughout your app to Facebook via the SDK. Google are no better - if you opt-out of personalised advertising, you are sending more data to Google, not less.

      I think this is the case on iOS due to the actual implementation of the SDK being used on both platforms, rather than any specific thing any OS is doing.

      4 votes
      1. [3]
        callmedante
        Link Parent
        Could you expand on this? Also, would an ad blocker like DNS66 be effective at mitigating a lot of this? It blocks requests at DNS level (by way of a VPN).

        Google are no better - if you opt-out of personalised advertising, you are sending more data to Google, not less.

        Could you expand on this?

        Also, would an ad blocker like DNS66 be effective at mitigating a lot of this? It blocks requests at DNS level (by way of a VPN).

        1 vote
        1. [2]
          feigneddork
          (edited )
          Link Parent
          It's in the video - timestamped: https://youtu.be/y0vlD7r-kTc?t=21m8s For some reason, apps using Google's advertising API (I'm guessing the Google Play Ads model) ends up sharing a lot more data...

          It's in the video - timestamped: https://youtu.be/y0vlD7r-kTc?t=21m8s

          For some reason, apps using Google's advertising API (I'm guessing the Google Play Ads model) ends up sharing a lot more data about the user session than if they opted in. I have no idea why.

          As for ad blocking, I used Blockada, but generally any ad blocker is fine if you block access to graph.facebook.com. Beware though, there are two consequences to this:

          • Facebook will not work, so if you have Facebook, you're out of luck and have to live with this profiling going on
          • Apps will behave badly. In my case, Spotify acted up every now and again (i.e. playing 5 songs and then permanently getting stuck on one song as if it was offline) - it was only when I stopped Blokada is when Spotify acted like a musical player.

          The former I have no issue with since I don't use Facebook. The latter I'm not really sure how to solve, if I'm being 100% honest - most people don't even care about this sort of stuff going on and trying to persuade app developers to stop requires public perception to change drastically.

          EDIT: It turns out that the DNS resolver on my phone was crap, so I'm going with Cloudflare DNS that Blokada provides. It seems to be doing the job perfectly without any of the issues I mentioned above.

          4 votes
          1. callmedante
            Link Parent
            Thanks for pointing me to the video. I admit, I didn't get very far into it. My own fault for asking a question that was already answered. I don't use the Facebook app. If I have to sign in, I do...

            Thanks for pointing me to the video. I admit, I didn't get very far into it. My own fault for asking a question that was already answered.

            I don't use the Facebook app. If I have to sign in, I do so in a Firefox Focus session. While they clearly do not put in much effort on the mobile website, it functions just fine for me.

            I haven't run into problems with Spotify whole using DNS66, though I'm not sure if I've listened to much Spotify lately, so my experience might not reflect the reality of the situation. As a Pixel owner, I'm happy that I've got something blocking ads that doesn't require root (plus it's on F-Droid).

            1 vote
      2. [3]
        JakeTheDog
        Link Parent
        What. The. Fuck. This is insanity. Do you know if using a firewall like AFWall (superuser/root access) would block this sort of communication?

        What. The. Fuck. This is insanity. Do you know if using a firewall like AFWall (superuser/root access) would block this sort of communication?

        1. feigneddork
          Link Parent
          I've wrote in greater detail here: https://tildes.net/~comp/gz6/how_facebook_tracks_you_on_android#comment-3uy9 but in short, if AFWall can block graph.facebook.com, you are basically killing off...

          I've wrote in greater detail here: https://tildes.net/~comp/gz6/how_facebook_tracks_you_on_android#comment-3uy9 but in short, if AFWall can block graph.facebook.com, you are basically killing off this SDK - there will be consequences with some apps though due to the nature of how reliant some devs are on using these SDKs for analytics/ads/etc.

          1 vote
        2. babypuncher
          Link Parent
          Set up a Pi-Hole on your LAN and configure your router to point to it as your DNS.

          Set up a Pi-Hole on your LAN and configure your router to point to it as your DNS.