Video-conferencing app Zoom contains some shocking privacy issues  04/01/2020 11:05:00  2
Video-conferencing app Zoom is gaining popularity as almost the whole world is social-distancing or forced to work from home. The app is available for Android and iOS and is offered for free, providing options for video conferencing, webinars and online conferences. However, its privacy policies seem to have some issues.
Vice reported that a recent analysis of the app has brought to light the fact that the Zoom iOS app was sharing data with Facebook. The interesting part is that the app sent information to the tech giant even for people that didnt have Facebook accounts.Previously, when you opened the app, it connected to Facebooks application programming interface, which is usually the main method used by Facebooks developers to get data in and out of the platform. Additionally, on the backend, Zoom was using Facebooks software development kits (SDKs).Facebook requires apps that use its SDKs to make sure to provide notice to their users, informing them of Facebooks Customer Data collection, which is mainly related to personalized ads. Zooms privacy policy mentions that its advertising partners (the policy gives as an example Google Ads and Google Analytics) automatically collect some data, however, Facebook is not specifically mentioned in regards to data collection.
Zooms CEO, Eric S. Yuan, apologized in a blog post about the concern raised by the aforementioned situation. He stated that Zoom users privacy is extremely important to the company and that they have therefore decided to remove Facebooks SDK from the iOS app. Additionally, he said that the information, sent to Facebook, did not include names, notes, attendees or any meeting-related information, but data about devices OS and some technical specifications.
Now, a new report by Motherboard draws our attention back to Zooms security and privacy. This time, its Zooms Company Directory feature, which allows users to have access to contacts with the same custom domain name, for example in a company environment when users share a domain. However, the company failed to realise that some custom domain names are used for personal accounts and people ended up with a lot of unknown email addresses added to their contact list.

@zoom_us I just had a look at the free for private use version of Zoom and registered with my private email. I now got 1000 names, email addresses and even pictures of people in the company Directory. Is this intentional? #GDPR

 Jeroen J.V Lebon (@JJVLebon) March 23, 2020
The information leak did not concern email addresses with common domains such as, or However, some users with non-standard domains, such as for example,,, and (these are Dutch ISP domains with email services), got pooled together with people they didnt know and were able to see their full names, email addresses, profile pictures and status. On top of that, they were able to video-call them.
A Zoom spokesperson stated that the aforementioned Dutch ISP domains are now blacklisted and will no longer appear in the Company Directory feature. Additionally, users are able to submit a request for other custom domains to be removed from Zooms website.


« Go back