Amid the coronavirus pandemic, video calls have become the solution for many who are in social isolation. Zoom, one of the apps that provides this service and has seen its number of daily users increase from 10 million to 200 million, has had its privacy policy at the center of several controversies. 

The Washington Post reported having gained access to private videos recorded on the platform. These videos were allegedly saved in the cloud on servers that do not require a password to access them. The New York Times also reported on a data mining feature of the platform that allowed participants in video calls to access details of their LinkedIn profile in a hidden way.

The Intercept verified that the app's video calls do not have end-to-end encryption, contrary to what the platform claims on its website. The type of encryption used is protecting traffic between the user's device and the company's server. End-to-end encryption, however, should protect traffic between two user devices, as is the case with WhatsApp, for example.

“Zoom has always strived to use encryption to protect content in as many scenarios as possible, and in that spirit, we use the term end-to-end encryption. While we never intend to mislead any of our customers, we recognize that there is a discrepancy between the commonly accepted definition of end-to-end encryption and how we use it.” Communication Zoom

Zoom and Facebook.

One of the major problems involving the platform was the accusation that Zoom's privacy policy did not make it clear to iOS users that their analytics data was being sent to Facebook, even if the user did not have an account on the social network. This issue was highlighted through an analysis of the application conducted by Motherboard.

This type of information exchange is not uncommon. However, Zoom users were not necessarily aware that by using the platform, they would be providing data to another service, since their policy only informed about the use of "user's Facebook profile information (when you use Facebook to log in to our Products or create an account for our Products)." 

According to the analysis, upon downloading and opening the application, Zoom connected to Facebook's Graph API. The platform would then send a notification to Facebook regarding when the user opens the application; details about the user's device, such as model, time zone, and city from which they are connecting; which phone carrier they are using; and an advertiser identifier that companies could use to target ads to users.

Facebook itself has stated that it requires developers to clearly inform users about the data they may collect or receive. 

The solution.

After this problem was identified, the video calling platform released an update to its iOS app fixing the issue. As a result, the collection of unnecessary information from users' devices is now prevented. 

“We sincerely regret the concern this has caused and remain firmly committed to protecting the privacy of our users. We are reviewing our processes and protocols for implementing these features in the future to ensure this does not happen again.” Communication Zoom

Em releaseThe company apologized for the problems reported in recent days, noting that the platform had been developed primarily for corporate clients. However, with the latest global events resulting from the coronavirus, there is now a broader user base. The company says that with the new challenges they are facing, they will be building the necessary improvements to the platform.