How Does Facebook Get Your Private Data?

Kais K.
4 min readMar 13, 2019

--

Facebook receives information about millions of app users from all over the world, those with and without Facebook accounts, and then use their information to display ads to them on Facebook. App Developers may add the Facebook SDK to their apps for one, or more, of the following reasons based on the official guide of Facebook SDK (https://developers.facebook.com/docs/ios/):

  1. Analytics and Graph API: to provide insights about how people are using their apps.
  2. Login and Account Kit: to provide an easier way for people to sign up and login to their apps using the users’ same login info as Facebook or just using their email or phone number.
  3. Share: to provide users with the ability to share or send message directly from the app.
  4. App Links: provides a way open the app directly from Facebook rather than launching the web browser and going to the company’s website.
  5. App Events: App Events are different than Analytics where with the Analytics piece developers only getting generic information and trends, but App Events provides developer with a way to record and track specific events the user triggered while using their app.
  6. Ads:Target the app users with different kind of ads based on number of factors such as the App Events sent or based on what the app developer is trying to achieve, for example ads to increase app downloads.

Now after the developer has included the Facebook SDK into their application they have the ability to choose which one of those components they would like to enable and start using. Many app developers choose more than one component, for example the most popular components are the Analytics, Login, App Links, Ads and App Events.

Facebook does not automatically pull the users’ information from these apps that have the Facebook SDK, but rather the app developers are the ones who are sending these data to Facebook. The process of how Facebook receives the data can be summarized as:

  1. The app developers add the Facebook SDK to their apps.
  2. The app developers enable the components they would like to use. In this case (App Events + Ads)
  3. The app developers write code to send “Events”, see below, based on certain activities the user has done, for example: app open, user logged in, purchase made.
  4. Facebook receives and stores the user info, along with a unique advertiser ID to associate this user with this event.

In the following example below, I wrote this simple code to log the user weight and send it to Facebook. For more details on that, you can visit Facebook’s SDK website: https://developers.facebook.com/docs/app-events/getting-started-app-events-ios#

Sample Code Written in JavaScript do demo AppEvents

As mentioned in Step #2 above, the app developer has enabled the App Events component, as seen in the previous example, as well as the Ads component. The Ads component, which is independent of the App Events component, is used to help developers get more people to download their app and engage with it.

Facebook recommend app developers to enable and use the App Events component for “targeted delivery of [their] ads to people most likely to take action.” As discussed in the high-level setup steps listed on the official documentation of the Ads component on Facebook’s developer website: https://developers.facebook.com/docs/app-ads

The idea of enabling the Ads component is to serve ads about the app on Facebook to users who have used the app or showed interest in the app. Facebook details who these ads can target, for example: a user who has previously used the app but have not come back within the last 3 months, or a user who has added items to their cart but have not made the purchase yet. Facebook can only know these details from the events the developers send, for example:

  1. Event 1: User John Doe logged in
  2. Event 2: John browsed the app for a snow blower
  3. Event 3: John added ABC snow blower to their cart
  4. Event 4: John left the app on 03/07/2019 1:50am (UTC)

With those events, Facebook is able to serve John Doe ads to encourage him to open the app again and place an order. That being said, the app developers needs to create the mobile app ad themselves. In other words, they need to create ads using Facebook’s Ads Manager which are used to target customers like John Doe above. Facebook’s job here is to link the two together and serve John that ad if he meets the requirements of adding an item to their cart but not made a purchase yet.

More details on Targeting by App Activity can be found here:https://developers.facebook.com/docs/app-ads/targeting/by-app-activity

More details on App Ads can be found here: https://developers.facebook.com/docs/app-ads

As a summary, Facebook doesn’t search apps for information but rather app developers are the ones who are sending Facebook users information and Facebook’s job is to match the right user, based on the data it has, with the right ad.

Thanks for reading. If you enjoyed this article, feel free to hit that clap button 👏 to help others find it.

Originally published at kais.me on March 13, 2019.

--

--

Kais K.

MCS and MBA. My posts brief and different. Follow me @Kaiusee or visit my website http://kais.me