by bitcrazy 2236 days ago
The Facebook SDK does make some calls on init.

https://developers.facebook.com/docs/app-events/gdpr-complia...

From them: "The Facebook SDK automatically initializes when the app is opened. When the SDK is initializing, it fetches app settings from Facebook. If you want to block all network requests to Facebook, you can disable automatic initialization." If you want to turn it off, you're supposed to set in your app's plist <key>FacebookAutoInitEnabled</key><false/>.

If people are claiming that the SDK is still fetching despite adding that key, that could be breaking some compliance and consent laws...

3 comments
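
A build-time check for the plist setting quoted in the post above, as an added example that is not part of the original thread and is not Facebook's code. The function name `audit_auto_init` and the sample plists are constructed for illustration, and treating any non-boolean value as a failure is a conservative assumption.

```python
import plistlib

KEY = "FacebookAutoInitEnabled"  # key name quoted in the post above


def _sample(body: str) -> bytes:
    """Build a constructed Info.plist (not taken from any real app)."""
    return (
        '<?xml version="1.0" encoding="UTF-8"?>\n'
        '<plist version="1.0"><dict>\n'
        '<key>CFBundleIdentifier</key><string>com.example.demo</string>\n'
        f'{body}\n</dict></plist>\n'
    ).encode()


SAMPLES = {
    "disabled": _sample(f"<key>{KEY}</key><false/>"),
    "enabled": _sample(f"<key>{KEY}</key><true/>"),
    "missing": _sample(""),
    "string": _sample(f"<key>{KEY}</key><string>false</string>"),
}


def audit_auto_init(plist_bytes: bytes) -> tuple[bool, str]:
    """Return (ok, reason); ok is True only when the key is boolean false."""
    try:
        info = plistlib.loads(plist_bytes)  # accepts XML and binary plists
    except Exception as exc:  # malformed file: fail closed
        return False, f"unparseable plist: {exc}"
    if not isinstance(info, dict):
        return False, "top-level plist object is not a dict"
    if KEY not in info:
        # Per the quoted docs, the SDK initializes automatically by default.
        return False, "key absent: auto-initialization stays on"
    value = info[KEY]
    if value is False:
        return True, "auto-initialization disabled"
    if value is True:
        return False, "key is <true/>: auto-initialization stays on"
    # A <string> or <integer> is not the <false/> the post describes.
    return False, f"key is {type(value).__name__}, expected boolean <false/>"


if __name__ == "__main__":
    for name, data in SAMPLES.items():
        ok, reason = audit_auto_init(data)
        print(f"{name:9s} {'PASS' if ok else 'FAIL'}  {reason}")
```

This only verifies the shipped configuration; whether the SDK honors it at runtime still has to be confirmed by observing the app's network traffic.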

I would be shocked...
> If people are claiming that the SDK is still fetching despite adding that key, that could be breaking some compliance and consent laws...

It is still a violation of GDPR as I as the user never have the chance to consent (or not consent!) to any data transfer to Facebook. But as no one seems to be willing to go after FB... sigh.

This is not a violation by Facebook, this is a violation by the app developer.
Technically yes, but it is as much also FB's fault for providing an SDK that cannot be used without violating the GDPR.
But that's the point: It can be. Just add that key to the plist file and the SDK won't initialize and won't do any requests by default.

This is absolutely on the app developers. Not knowing what an SDK you linked does or doesn't do doesn't absolve you from GDPR (or any law for that matter).

Is it a violation of GDPR if the data is anonymized?
Who is auditing if the data is anonymized?
It is, as FB will automatically get at least the IP address, date and time which is seen as PII under GDPR.
All of this because app developers can't be bothered to add one line of code...
This isn't on app developers.

This is on FB for not being forthcoming and stating very clearly that the SDK is doing that in their docs.

Is it documented somewhere? Sure, probably.

But if your SDK is doing something _very unusual_ and goes against platform conventions and best practices, and 99,9% of the people integrating the SDK _have no idea_ about it, it's your fault for not explaining what and why you're doing it.