Popular Android apps including Skyscanner and TripAdvisor that use Facebook’s software development kit are transmitting personal data to the tech giant without user consent, UK-based Privacy International said.

The organisation analysed 34 apps, each with an installed base of between 10 million and 500 million users, and found around 20 of them transfer data to Facebook the moment a user opens the app. This happens regardless of whether they have a Facebook account or not.

These apps may also be breaching General Data Protection Regulation, which states mobile apps need to have the user consent before collecting personal information. Violating this can mean fines of up to 4 per cent of revenue, or €20 million.

What’s more, since this data is shared together with a unique identifier, advertisers can use it to create a comprehensive profile on a user, the report said. “If combined, data from different apps can paint a fine-grained and intimate picture of people’s activities, interests, behaviours and routines.”

The organisation further stated “we would recommend that app developers think hard about whether their application really needs to use the Facebook SDK, and if they do, use its components selectively, and in a manner that is fair and transparent towards users”.