I really can't fault Zoom here. They used an existing tool provided by a company that is, allegedly, reputable.
Though, thinking about it more, perhaps Zoom should get some more scrutiny here because this isn't the first time Facebook has said eff it to user privacy. Distrust of Facebook should be the default.
Actually Apple and Google should not allow this in their app store policy. A 3rd party SDK sending data if it’s not needed should be a BIG no-no... I expect at least Apple to require this.
There are probably thousands of other apps that have the same problem.
Hard in the general case, but I'll bet it's trivial to scan for the Facebook SDK, or any other blacklisted libraries, unless they're intentionally obfuscated.
And it's known that what Facebook does is ugly. So Hanlon's Razor and all that, but given recent events it strains credulity that the developers weren't at least suspicious.
Often the developers are aware of, or at least suspect, these types of things.
However, it's the Project Managers and Product Owners that are not aware and they say "do it because that's what the customer wants!" and you can argue. You really do so at your own peril if you don't have others on the team to back you up.
As a sometimes iOS developer, I can’t even imagine how you could build something like Zoom without at least sometimes auditing the network traffic. Even a novice user can do this in a few minutes with Charles Proxy.
People on the team knew, they just either didn’t care or were ignored when they voiced concerns.