Who's Watching You Zoom? Investigating Privacy of Third-Party Zoom Apps

TL;DR

Examining the evolution of the Zoom Marketplace over one year reveals increasing over-collection of user data, obscurity in data collection and sharing purposes, and potential non-compliance with laws in the education and healthcare sectors.

Abstract

Zoom serves millions of users daily and allows third-party developers to integrate their apps with the Zoom client and reach those users. So far, these apps' privacy and security aspects, which can access rich audio-visual data (among others) from Zoom, have not been scientifically investigated. This paper examines the evolution of the Zoom Marketplace over one year, identifying trends in apps, their data collection behaviors, and the transparency of privacy policies. Our findings include worrisome details about the increasing over-collection of user data, non-transparency about purposes and sharing behaviors, and possible non-compliance with relevant laws. We believe these findings will inform future privacy and security research on this platform and help improve Zoom's app review process and platform policy.

Figures (10)

• Figure 1: Monthly trend in the total number of apps.
• Figure 2: Change in the number of apps per category from May 2024 to December 2024.
• Figure 3: Overlaps in app categories (diagonal cells show the percentage of apps in a category shared with other categories.)
• Figure 4: CDF Plot of Total Permissions per App.
• Figure 5: Permission count for top 20 categories (sorted by the median number of permissions).