Yes, it sounds like malware. Had any other company done this, it would have caused outrage but for some reason Facebook just seems to get away with everything.
I remember how big a deal the News International phone hacking scandal was; this actually seems much worse.
Companies which track app download and engagement metrics also do this via VPN apps. That is how they are able to obtain such data. Not new, but also not discussed much.
If you can identify personal data (which, if they can tie it to the user's Facebook account, is pretty easy to do), it's likely (note: not a lawyer) a violation of the EU GDPR regulations (http://www.eugdpr.org/).