> That would imply they are incompetent and negligent.
Not really.
Product Manager: I want to be able to support Facebook login for our app.
Developer: OK... [googles for how to do that] ... We can use the FB SDK for that.
PM: Cool, let's do that.
Dev: [implements it]
Nobody really does much more due diligence than that most of the time. I suppose you could argue that's negligent, but if that's the case, then pretty much every company that has an app with login functionality is probably in that boat.
> I suppose you could argue that's negligent, but if that's the case, then pretty much every company that has an app with login functionality is probably in that boat.
I think every company that does this is negligent. Audit your dependencies, people!
I think for small teams this is a near impossible task. For big corporations it should be doable and expected. They actually have some leverage to push the other big companies to track less. Something a small company simply can't do.
> This is the Facebook SDK, from Facebook, and everybody knows what their business is.
Ignorance is a bliss. Talk to some people that still use fb after their scandal and you'll get "who cares, everyone is tracking users and selling data anyway" as an answer.
Exactly. A simple online search for the phrase "Facebook SDK" will reveal plenty. It's not like you need forensic accounting level research to see that the SDK does much more than provide a simple login mechanism.
Not really.
Product Manager: I want to be able to support Facebook login for our app.
Developer: OK... [googles for how to do that] ... We can use the FB SDK for that.
PM: Cool, let's do that.
Dev: [implements it]
Nobody really does much more due diligence than that most of the time. I suppose you could argue that's negligent, but if that's the case, then pretty much every company that has an app with login functionality is probably in that boat.