"We found that at least 61 percent of apps we tested automatically transfer data to Facebook the moment a user opens the app. This happens whether people have a Facebook account or not, or whether they are logged into Facebook or not."
😱😱😱
Investigating Apps interactions with Facebook on Android | Privacy International
https://privacyinternational.org/campaigns/investigating-apps-interactions-facebook-android
@Argus downright scary.
@Argus Is there a way on android to block the transfers? Eg. A set of ip addresses?
@Argus @aral On the other hand, Android has built-in iptables firewall which can be administered from commandline just as on Linux or with easy interfaces like AFWall+ (or for non-rooted devices through a virtual Virtual Private Network (a local VPN to self, to block all non-firewalled traffic, thus "virtual VPN")).
At least for for rooted Android devices one can also block hostnames via the hosts-file (/system/etc/hosts is a redirect (symlink) for /etc/hosts) just as on any non-closed UNIX(-like) system and even on Windows. I've seen apps that claim to be able to manage the hosts-file even without root on Android, but I have not tested any of those.
@Argus Easy solution: Stop using Facebook and block all the IPs it owns on your firewall. 
@pertho @Argus @b9AcE Rooting isn't practical for the general public, and for those like me who can't risk bricking my cell and can't find any way to do so on our particular tablet brands. I'd like to see references to non-rooted options other than VPN, preferably FOSS and free, though I'm willing to pay a reasonable charge if I knew the provider wasn't dealing behind my back, as PI has reported with some.
I swear, FOSS Linux on devices is the only way to go, IMHO.
@technoslick @Argus Android operating system is designed to spy on you. You can't even have a blocklist in /etc/hosts on Android; it gets ignored.
I don't think Linux is secure enough for mobile devices as it has a very polluted ecosystem now (see: Systemd)
@technoslick @pertho I wonder what they're going to use on the #librem5...
@Argus @technoslick @pertho They might use by default PureOS (https://pureos.net) with Phosh Shell (https://source.puri.sm/Librem5/phosh) and GTK/GNOME applications.
@Argus oh wow this test with a flashlight app is really telling
This has been a thing for awhile. Does the report mention what the companies get in return for sending all the data to Facebook? Is it just a money thing?
@Argus Facebook is evil 😡
@Argus I notice the FB SDK collects the phone's advertising_id plus a static FB "anon_id".
Assuming the anon_id stays the same per app (or per phone?) this allows FB to work around users who reset their advertising ids and keep tracking them as the same user
@Argus for some reason im particularly disappointed in Clue, they always seemed like a trustworthy app to me
Wow. That makes me want to DNS black hole Facebook's domains.
@Argus what? Am I missing something or is the sample size of thirty apps?
@Argus I'm not too experienced reading academic papers so I might be missing a critical point, but I read the full report and I'm sceptical. The report only lists 33 apps, all of which are free and most include social elements or FB logins. I don't think that's a good representative of the market. Besides, they don't specify what kind of data is being tracked. Like I just said, it could be a simple login.
1/?
@Argus I didn't try many of these apps, but Spotify lets you create in-house accounts or log in with FB, and they don't specify how that influences the output.
The report cites another investigation from Oxford University from 2014, which indicates that the percentage is actually 40%.
2/3
@Argus I don't know much about what being an Android developer was like back then, but if I'm not mistaken Google has simplified logging in with Google accounts since then, making a competitive alternative. Maybe FB's scandals made a difference too, I'm talking out of my ass here.
Anyways, I'm sending Privacy International an e-mail just to check
3/3
@Argus
Wonder if this includes apps that say "no ads" in the store 
@Argus
yea - whats new?