Facebook Denies Accessing Users' Text Messages

quantr writes "Facebook is being accused of snooping on its users' text messages, but the social network says the accusations are inaccurate and misleading. The company is among a wide-ranging group of Web entities, including Flickr and YouTube, that are using smartphone apps to access text message data and other personal information, according to a Sunday Times report (behind a paywall). The newspaper said Facebook 'admitted' to reading users' text messages during a test of its own messaging service. The report also says information such as user location, contacts list, and browser history are often accessed and sometimes transmitted to third-party companies, including advertisers."

They better be careful

If the CIA doesn't get access to this data, Facebook might be viewed as competition.

>> The report also says information such as user location, contacts list, and browser history are often accessed and sometimes transmitted to third-party

Worst?

[SJHillman]

What's worse? The the fact that they have to deny these kind of accusations or the fact that they're probably lying?

Re:Worst?

The fact that any old app can apparently access your contacts, text messages and browser history.

Re:Worst?

[cpotoso]

Mod parent up. It is really a very big design flaw (on purpose?) of ios and android. Should not be up to the apps to decide whether they can access private data.

Re:Worst?

[Enderandrew]

With iOS, apps just simply have access to this data by default. With Android, for each app you have to specifically grant access to these things while installing the app.

Re:Worst?

On android, it pops up a warning at install time. I'm sorry, but if you didn't know facebook app accesses that info, who's fault is that? It's very clear that it requires access to every bit of personal info on your phone, down to your inbox if I recall correctly. It's why I don't have facebook installed on my phone, and why I refuse to upgrade several apps, I don't feel they need that level of access, so I don't let them on my phone.

Re:Worst?

With Android, for each app you have to specifically grant access to these things while installing the app.

And that is the flaw. The right way of doing it is to let the user grant apps rights to individual resources, possibly temporarily.

Re:Worst?

Many smartphones come with facebook pre-installed. I had to root my phone to uninstall it.

Re:Worst?

[PopeRatzo]

What's worse? The the fact that they have to deny these kind of accusations or the fact that they're probably lying?

You know when a corporation says "the accusations are inaccurate and misleading" that they are guilty as hell.

How hard is it to say, "No, we never, ever access private messages or contact information for any reason"?

It's like when a politician says, "To be perfectly honest..." Somebody needs to hit the crash cymbals whenever those words are spoken, to indicate ALERT! LIE COMING....

Re:Worst?

[evilRhino]

Since android is open source, there are ROMs that actually add this functionality to the OS. It was available on Cyanogenmod 7.1.0, for example.

Re:Worst?

[SJHillman]

But then how would we hear the politicians over the constant crashing of cymbals? On the bright side, assassins would no longer need silencers.

Re:Worst?

[TheRaven64]

The problem is, with the stock android install unlike, for example, Symbian, you can't just say 'no, the app can't have this permission but install it anyway'. I was looking for an app to read QR codes a while ago. The first five I found on the market all required full access to my address book. WTF? I skipped installing them, but I'm sure that they'd have worked without this capability. The other big UI problem is that the apps don't say WHY they need these privileges.

Re:Worst?

With Android, for each app you have to specifically grant access to these things while installing the app.

Not really true, while you install the app it *tells* you what it's going to access - take it or leave it, without special measures like LBE Security you can't refuse an app any capabilities. And out-of-the-box that's not going to chance, 'cause people would simply refuse net access to any app that uses it only to access annoying ads.

Re:Worst?

[ommerson]

In iOS, applications don't have a lot of access to personal data to start with - and certainly not to read SMS (although apps can send using an Apple sanction UI only). They do have access to the contents of the address book, but this is looks likely to change soon.

Re:Worst?

[Enderandrew]

You can however decide not to install the app if you don't want it to have access to whatever it is requesting.

Re:Worst?

[Enderandrew]

They have access to my photos, videos, calendar and contacts that I know of. I consider that a lot of personal data. But I don't know which apps have access to what on iOS, where as I can see that per app with Android.

Re:Worst?

I find the same thing with flashlight apps on my Blackberry. I simply do not understand the need for accessing Internet on my data plan for a simple app that, at most, would require access to my camera. I have yet to find one that works as advertised without any frills.

Re:Worst?

[L4t3r4lu5]

1) Root phone.
2) Install granular permission control app.
3) Deny apps permissions you don't agree with.

Cyanogenmod 7.1 has granular app control built in, or you can use a 3rd party app like LBE Privacy Guard.

Don't use an Android device? Sorry, no advice for you. <trollface>I guess being able to control your device is important after all.</trollface>

Re:Worst?

[Volvogga]

The first five I found on the market all required full access to my address book. WTF? I skipped installing them, but I'm sure that they'd have worked without this capability. The other big UI problem is that the apps don't say WHY they need these privileges.

I'm not certain, but I think that some people are now putting QR codes onto their business cards that have their contact information embedded. I know one person that has a QR code that takes your phone to his website, but was thinking about trying to get the business card reprinted with his information in VCard format within the QR code instead. I'm guessing that was the reason for the address book permissions (to add to it, not to read it), and that if you had that application, you could add a contact instantly.

I agree on a need for reasoning why certain privileges are needed. Most of them are easy to figure out (if it is a free app, chances are it has ads... thus needing internet access), but a few of them are weird, like your QR code scanner issue there. Personally, whenever I run across a weird permission request, I look back to the description or change-log of the application. If the developer has documented why the permission is necessary in either of these locations, I feel fairly confident that they are trustworthy.

Re:Worst?

[Nemesisghost]

The other big UI problem is that the apps don't say WHY they need these privileges.

This is the biggest problem I have with the way the permissions are done. I can never tell why various apps require the different permission sets. I want to know why that game I installed needs my address book or the ability to make phone calls. What is it going to do? Call my friends & tell them I just passed the 2nd level?

Re:Worst?

[mlts]

I'd say LBE Privacy Guard + DroidWall make an excellent defense, something that can be said to tip the scales in favor for Android, assuming a clued user and a rooted phone.

iOS has/had Firewall IP, but not sure if that has been updated to keep up with the latest iOS 5 vagaries. It also requires a jailbreak, which can be daunting, come iOS 5.1 and forced upgrades on restores. So, unless one gets that working, the only way to tell that an app is slurping from the message logs is to have the phone on a wireless connection with a packet sniffer.

For a non-clued Android user, the best thing to do is read the permissions. If a fleshlight app is wanting full access to contacts, phone history, etc... find another one.

Re:Worst?

[Dishevel]

Why should you have that power.
If I write an app and to pay for it I put ads out you have the right to install it or not.
As long as it is made clear what I have access to, If you do not like it then do not install my app.
Being able to install my app in any way you want on a free app is not a "right" that you have.
You are really going to blame Android for telling you what an ap wants and asking if you really want the program?

How much are you paid to make Android seem the same as iOS here?

Re:Worst?

[Dishevel]

Also the reason that a QR code reader may want full access to your contacts list is because most of them will read contact QR code. One click and full contact information for a person is added to you list.

Re:Worst?

[ommerson]

I think the point here is that whilst applications do indeed have access, this is often mediated through Apple's user-interface in each case - which I suspect you'll find is actually provided by another process within a different sandbox. This means that rogue applications are not hoovering up your data without user-interaction.

Re:Worst?

[Rob+the+Bold]

The first five I found on the market all required full access to my address book. WTF? I skipped installing them, but I'm sure that they'd have worked without this capability. The other big UI problem is that the apps don't say WHY they need these privileges.

I'm not certain, but I think that some people are now putting QR codes onto their business cards that have their contact information embedded.

I have seen an actual instance of this: a local magazine publisher here prints his business card in the mags he publishes and it contains a QR code with his contact info. If an app could write to the contact list, it could add that information automatically.

But on the other hand, QR codes can be used for other data, too, so an app should be installable with or without this privilege.

But on the third hand, if an app can't to something that it promises, or it gives the user an error message stating that it doesn't have permission to do something, then the publisher is looking at a possible tech support request. A user could have forgotten that he denied access to contact list for this app, and then try to get help. The publisher is going to want to keep this to a minimum, since tech support requests eat up resources. So just not installing the application is a simple way to statistically reduce this cost. So while I don't like it, I can see at least one thing that motivates a publisher to take this route.

Re:Worst?

[arisvega]

The report also says information such as user location, contacts list, and browser history are often accessed and sometimes transmitted to third-party companies, including advertisers.

That also caught my attention- location, contacts list and browser history, all to third-party advertisers: well, I think they are pushing it, and that people should either use a firewall (I'm no smart phone expert but I really hope there exists a firewall) or not install the app at all- can't one just access facebook from a smartphone's browser? Why would you need an app, especially if they spy on you in such a greedy and disrespectful way?

Re:Worst?

I couldnt agree more. I've been using android for ever and when I recieved an update for Facebook some 6 months or more ago which didnt auto update I did what I always do and check which new permissions they were trying to sneak in. Turns out they wanted access to almost EVERYTHING, so I simply didnt install the update. then later uninstalled the app and just used the webpage version of it.

People have to realise that they are not at the mercy of the App. What app is so must have that you are willing to give up all your privacy for? bear in ming that most apps are simply portals to the webpage version anyway, so just use the browser and skip all the fancy full integration if you dont like the permissions. Obviously for games thats not the case and you'll most often simply have to do without.

Re:Worst?

The fact that any old app can apparently access your contacts, text messages and browser history.

The Facebook app has a legitimate reason to read/write your contact data. It includes a feature that allows to to sync your contacts on your phone with your facebook contacts. It would be great, for example if it automatically updated the contact photos on my phone for my facebook friends using their profile picture on facebook. (I think Motoblur does this, for example.)

However, the way facebook implemented it was rather messed up. They didn't store the contacts with the regular contact data. So, if you uninstall the facebook app, those contacts disappear. In other words, Facebook wanted to import your contact data, but not allow you to export your facebook contact data to other apps on your phone. That is why Google removed Facebook's ability to do this on the Nexus S and plans to do it for future flagship phones as well.

See: http://www.androidguys.com/2011/02/23/google-drops-facebook-sync-nexus/

Re:Worst?

[Nirvelli]

Yes, but most apps are written incorrectly (they don't ask for permissions in a try/catch block), so for example when I told my ROM not to let Facebook access my GPS, the Facebook app would simply crash on opening.
This will only really work if it's a standardized OS-wide feature.

Re:Worst?

[Avtar]

It is in Cyanogenmod 7. In my experience, apps do not handle have permissions removed gracefully, and often crash. If you need to use an app there are times when there is no option but to grant access.

Re:Worst?

[Calos]

Look for:
LBE Privacy Guard
Permissions Denied

Re:Worst?

[Nirvelli]

Wow, I rescind my previous statement, LBE is basically exactly what I want. And it doesn't crash things. Thanks. This right here should be built-in functionality.

Re:Worst?

LBE requires a rooted phone, so is a non-starter for your normal, average user. For hobbyists, tinkerers, and (in the original usage) hackers like we have on Slashdot it seems like a pretty nice tool. But for my wife? My Dad? Nope.

Re:Worst?

[LoudNoiseElitist]

That game needs access to your dialer so that it can be paused whens someone calls you. I agree that the warning is misleading, and I believe it's something the Android developers are working on.

Re:Worst?

[LoudNoiseElitist]

Fleshlight app? They make those now? Awesome.

Re:Worst?

[kiwimate]

Actually, I'd say it's that you're verging on libel and Slashdot is modding you +5 informative.

Re:Worst?

[truedfx]

That's why plenty of free apps want network access. But how is access to the user's contacts required for displaying ads?

Re:Worst?

It amuses me how your definition of "written incorrectly" means "not written for a blatantly non-standard use of the Android environment". In NORMAL Android development, the developer can explicitly assume that if permission was NOT granted, the program will simply not exist on the phone. That is how it's designed.

But, sorry that following the design is clearly "incorrect" by your cockamamie idealism. We'll try to anticipate the entire API being pulled out from under us next, because I'm sure you'll bitch about how clearly WRONG we all are because we didn't design Android apps to run on your Windows Phone 8 device.

Re:Worst?

[Dishevel]

It is not.
Not that I know of.
The point I was making was that the programmer gets to determine what permissions he wants.
The user gets to determine if he wants to give that stuff up to have the app.
This is not only how it works but in reality it is exactly as it should work. The only times that you have problems are when a user screams "I did not read it!" or when a user screams "I want the stuff you made but I want it how I want it! Just give it to me anyway!".
In both of those cases I am ok with the user getting screwed.

Re:Worst?

[petsounds]

That's changing in iOS 5.1 – users will have to explicitly allow address book access, just like they are prompted to do with GPS access today.

Re:Worst?

[Calos]

Just be aware of the limitations of the model LBE uses. All root apps like it - including DroidWall, which I use as well - are by their very nature, leaky. If they crash and you don't realize it, they do nothing. If they fail to autostart and you don't realize it, they do nothing. In that small window between when Android boots and LBE/DroidWall autostart, they do nothing. The last case can be helped somewhat by startup managers.

PDroid seeks to shore up those shortcomings, however, it is only available for some ROMs and phones as it makes changes to Android itself. It also only appears to be available on 2.3.x releases of Android. But the upside is that it is not leaky like root background apps, and doesn't crash apps like Cyanogenmod does.

Actually, thanks for reminding me to look this up again. I'd forgotten about it, but would love to get it on my phone...

Re:Worst?

Or they just code it with:
if (date > 2 weeks from submission) transmit_private_user_data();

The Flashlight Tethering application got by and it - quite literally have to rewrite -your networking subsystem -- only had some obscure locations to press. It was only banned when news of how to access the tethering section became public.

Also, you also think that they care? How is blocking a application suppose to make them money, seeing as how greedy they are?

Also, most of what you said makes no sense? How is sucking up contact information have anything to do with a "user interface"? Why would information passed from a different sandbox help any when the information has crossed sandbox boundaries? You might as well go code a visual basic interface to track someones' IP.

Re:Worst?

Incorrectly? No.

It is by no means incorrect to assume that the permissions you requested have been granted because that is the normal behavior of the Android OS by design.

It would be a nightmare to rewrite my app (which is a relatively small project) to handle permission revoking gracefully (multiple code paths for fallback.). I can only imagine how much dev time it would take for bigger projects.

Nor would it provide that much of a benefit to the user.

It's much better practice IMO for the developer to honestly disclose the reasons for permissions required, and to duly consider the necessity of each permission requested.

Re:Worst?

Source please?

Even if it is the case, imagine the UI:

I would like GPS (yes/no)
I would like Address book (yes/no)
I would like SMS read access (yes/no)
I would like SMS write access (yes/no)

and so on. Popup central!

Re:Worst?

[petsounds]

Apple spokesperson: "We’re working to make this [protecting user privacy] even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release."

http://allthingsd.com/20120215/apple-app-access-to-contact-data-will-require-explicit-user-permission/

This was in answer to a Congressional inquiry (hopefully that inquiry will knock on Google's door as well).

I imagine Apple has your UI concerns in mind are probably redesigning the interface to support multiple choice permission popups.

Re:Worst?

I think you listen to No Agenda, citizen!

Re:Worst?

[truedfx]

But users cannot sanely determine whether they should give the app permissions, unless the app explains why it wants those permissions. If I install a clock widget and it asks for permissions to send text messages to pay numbers, I don't trust it. If the clock description lists a feature to send text messages to another phone when a user-defined timer goes off, I might trust it. (And it would take more than just that description to make me trust it.)

Re:Worst?

[izomiac]

A flaw. Personally, I used to allow Facebook access to my contacts because it's useful to have all my Facebook contacts synced with my phone. Only later did I learn that they upload your phone's whole address book and, by extension, your Google address book to Facebook.

BTW, if you don't think you have a Facebook account, try to think if someone who uses Facebook has entered information about you into their phone book... I know I received a suggestion to friend someone because I used to have their contact information in my phone a year ago (deleted shortly thereafter), and they joined Facebook about a month ago (no other contact or friends in common).

Re:Worst?

[Dishevel]

But users cannot sanely determine whether they should give the app permissions, unless the app explains why it wants those permissions.

Yes they can.
If I want an App and I have questions about why it needs certain permissions I can ask.
Most market Apps have comments about permissions. Sometimes just looking I can get the answer. If I need to ask the developer then my download can wait till I have my answers.

If I install a clock widget and it asks for permissions to send text messages to pay numbers, I don't trust it. If the clock description lists a feature to send text messages to another phone when a user-defined timer goes off, I might trust it. (And it would take more than just that description to make me trust it.)

Exactly.
I do not really know what your problem is. In 90% of my downloads a quick check of the permissions it asks for and the comments section lets me know if I should download or not. the other 10% might require a little effort on my part. If for some reason the app at its best in my mind is not worth the effort then "fuck it".
I do not need to tell others how to run their shit.

Re:Worst?

[cmdrbuzz]

On iOS they do not have access to your photo's, video's or calendar's.

They can however display browser requesting you to select a photo or a video and then manipulate the particular one you chose. They cannot access them outside of the defined API.
This is one reason that all the "private photo" apps can only import pictures from iOS one by one, or by you uploading them via iTunes or the net etc.

Re:Worst?

[truedfx]

You're lucky to easily figure out for 90% of your downloads. If I consider potential downloads (including the ones that I don't download because I can't figure out why it needs certain permissions), I don't even get to 50%, and at that point, it becomes enough of a pain to investigate each and every possibly useful app that I wish the default would be to have an explanation in the description.

Re:Worst?

[Dishevel]

Sounds to me like on your phone developers that do a better job are more likely to be installed on your phone.
So....
Nothing broken here. All is working as intended.

Re:Worst?

[Eth1csGrad1ent]

How hard is it to say, "No, we never, ever access private messages or contact information for any reason"?

Really, really hard. Because as soon as any company does this, some back office dweeb from the company pipes up with "actually, thats not technically correct..." and now they're openly lying about it. PR and politicians alike never want to talk in absolutes because it can only ever come back and bite them...

Re:Worst?

1) Root phone.

Look, can you people stop saying this as if it's something guaranteed.

There are many hardware-firmware-Android combinations out there that just cannot be rooted. For example, Dell Streak 5 with Android 2.2

So.. what now, smart guy?

Re:Worst?

[L4t3r4lu5]

Look, can you people stop saying this as if it's something guaranteed.

There are many hardware-firmware-Android combinations out there that just cannot be rooted. For example, Dell Streak 5 with Android 2.2

So.. what now, smart guy?

Caveat emptor. It's a foundation principle of Capitalism.

Re:Worst?

[Zebedeu]

The problem is that Android offers apps no mechanism to ask for permissions after installation, like there was in, say, J2ME phones.

So apps need to ask upfront for all permissions which they might need to support all of their features, even if some of those will never be used.
In your QR code example, if the app features a way to, say add a contact from a QR code, or generate a code for a given contact in your address book, it must have that permission, even if most users will never need it.

As an Android developer myself, I'd love to have a mechanism for asking for new permissions. It'd allow me to ask for fewer permissions upfront and make it clearer for the user why certain permissions are being requested.

Re:Worst?

[makomk]

That sounds about right. Facebook really don't want anyone to have any way to stay in touch with their friends that doesn't go through Facebook.

Re:Worst?

[cynyr]

What if my device has no GPS? what happens then? how about no 3g/4g/lte radio and therefore no contacts?

Re:Worst?

[cynyr]

How do i verify that the dev is being honest?

Really as a user, what I would like is a "Verified by Google" program. Submit your app to google along with $5, google takes a look at it, and says, "yep doesn't do anything sneaky, etc" and gives it a filterable attribute to the app so I can see only those if I want.

Maybe it should be $20 for the first submittal, and $5 for updates, seems like "git diff old_app new_app" would work well enough to simplify the looking at updates a lot.

Re:Worst?

[cynyr]

google googles can read QR codes, not sure which permissions it needs, but as google already has access to my contacts, I'm not sure i care about that one.

Re:Worst?

[cynyr]

I looked into doing this for my cards, but found out that android will not import contact info directly from a QR code, the best option is to link to a vcard, and the user can download that and then import it. So like 6 clicks to do that, I was hoping for "scan code -> "would you like to import this contact Y/N" -> Done"

Re:Worst?

[TheRaven64]

If you actively choose to install and run spyware then no security system in the world can protect you.

Re:Worst?

QR code apps need access to your contacts list because they incorporate the ability to send what you scanned to someone on your contact's list. Obviously, without this permission the app wouldn't be nearly as useful to a lot of people.

Having access to your contacts list doesn't automatically mean that the app will copy your contacts list and send it back to the developer, who will then sell it to marketers... but yes, the permissions technically also allow this, which is why LBE Privacy Guard's functionality should be standard with android.

Why are people surprised?

[mr1911]

Facebook is a free service. Facebook users and their data are the commodity being sold to advertisers. The business model isn't a secret.

There are two ways to grow revenue with this model. 1) Sign up more users. 2) Invade deeper into the user data so the data sold to advertisers is more relevant and worth more.

Re:Why are people surprised?

Parent nailed it. Why is anyone still surprised? I would think this is public knowledge by now.

Re:Why are people surprised?

[TubeSteak]

People are surprised because they only expect the government to invade their privacy,
not publicly traded corporations exceeding their authorized access.

Re:Why are people surprised?

[scorp1us]

Because there is the idea that what you enter into one app on your phone is not available to another app.
If I accept the "terms of use" for facebook, I do not also consent to having them go through my text messages.
When I turn off location services for facebook I do not expect them to still access my location.

Re:Why are people surprised?

[Culture20]

People are surprised because this is a cell phone app reading data that is irrelevant to the app's function. It would be like if Google had a picture editing program that sent google a snapshot of your entire filesystem directory listings. Surprising.

Re:Why are people surprised?

[stanlyb]

Actually, that is what is happening right now, the government is accessing all the "public" information.

Re:Why are people surprised?

[phrostie]

But the T in Facebook Stands for Trustworthy.

Oh wait,,,.

Re:Why are people surprised?

[nahdude812]

Because there is the idea that what you enter into one app on your phone is not available to another app.

And that is in fact the default operating method for both major smartphone platforms. But there's value in being able to share certain kinds of data between apps. For example, if you want to write a better SMS client, that task is pretty much impossible if the user has to recreate their entire contact list and loses all their existing SMS history. That's why (on Android at least) the app has to request permission for that access. Unfortunately your only choices are to grant every permission the app requests, or not install the app at all. So if Facebook asks for access to your SMS history, your choices are only to grant it or lose access to the reason most people have smartphones to begin with - broadcasting more detail about their life than anyone but them cares about.

If I accept the "terms of use" for facebook, I do not also consent to having them go through my text messages.

Have you read their terms? If you accepted them, you're giving them a lot more access than that.

Re:Why are people surprised?

[TheRealMindChild]

FYI, "grow" isn't perfectly synonymous with "increase", AND you sound like a poser.

Re:Why are people surprised?

[Rob+the+Bold]

Facebook is a free service. Facebook users and their data are the commodity being sold to advertisers. The business model isn't a secret.

It's not really free. It's just harder to quantify what value you've exchanged for the service. Facebook certainly turns data into money.

Re:Why are people surprised?

[TallDarkMan]

People are surprised because they only expect the government to invade their privacy

I tend to disagree. Most people I run across look at you funny when you present the idea that the government is invading their privacy. In fact, most will deny it outright and argue that "the people" would never let anything like that happen (even though, it's already happening, and worse!)

You have a nation of consumers, which means they all think in terms of "who can I go to when [whatever] doesn't work, is broken, is causing me inconvenience, etc. and when they find the company they're dealing with is doing questionable things, they think the government will be the one to correct the situation.

Isn't that a great way to divert attention and control the sheeple?

Re:Why are people surprised?

Well, in a correctly working democracy, the government would be controlled by the people, and it would be the entity to limit the power of companies. So the mistake of those people is just that they think everything works as intended.

Evil?

See! Google isn't evil.

Smartphones

[ciderbrew]

I wish I didn't install their app on my HTC ages ago. It's off now; but it did get the contact data from the phone! I only use the browser for FB now and no way am I installing that Malware again. - Events details locked in FB are a pain.

is that allowed on mobile APIs?

I've never programmed for mobile phones before, so I'm ignorant, but are the phone's SMS messages even available in the APIs given to mobile developers to use for creating 3rd party apps? Even if it is available in the API, surely the phone OS would pop up a warning and force you to confirm approval.

I was skeptical when I read this story for that reason.

Re:is that allowed on mobile APIs?

[colfer]

Android phones in the U.S. come with apps that cannot be deleted, depending on the service. Typically: Facebook, Twitter. You can choose to decline updates, but you cannot remove the app. Look at the comments on this app: https://market.android.com/details?id=com.virginmobileusa.vmlive&hl=en Of them 90% are along the lines of this one: "This program is garbage I wish I could get this crap off my phone."

Re:is that allowed on mobile APIs?

Android phones in the U.S. come with apps that cannot be deleted, depending on the service. Typically: Facebook, Twitter. You can choose to decline updates, but you cannot remove the app. Look at the comments on this app: https://market.android.com/details?id=com.virginmobileusa.vmlive&hl=en Of them 90% are along the lines of this one: "This program is garbage I wish I could get this crap off my phone."

root + titanium backup deletes everything...

Re:is that allowed on mobile APIs?

[Enderandrew]

Android doesn't do this. Certain carriers push out custom versions of Android where a small handful of the shovel-ware apps can't be deleted. But Facebook and Twitter can be deleted on all the major carriers (Sprint, AT&T, T-Mobile, Verizon).

However, you can always root your phone if you really want to delete these shovel-ware apps.

Re:is that allowed on mobile APIs?

[evilRhino]

Almost every Android phone also has the ability to install a custom ROM that does not include any extra apps, including the google ones.

Re:is that allowed on mobile APIs?

[wannabgeek]

Google's stock Android doesn't let you uninstall Facebook, Twitter, Amazon MP3 and even Google Books. I'm talking Ginger Bread on Nexus One - so it's not imposed by any carrier. It gets into some weird situations as well - since I'm in India and currently Google Books is not available for India, it won't let me install any updates, but it still shows me update notifications, and would not let me uninstall the app. It sucks, especially since app storage is really small and precious on these old phones.

Re:is that allowed on mobile APIs?

[pongo000]

Android doesn't do this. Certain carriers push out custom versions of Android where a small handful of the shovel-ware apps can't be deleted. But Facebook and Twitter can be deleted on all the major carriers (Sprint, AT&T, T-Mobile, Verizon).

Not true on AT&T. Just tried it on my SGS2, Facebook is still there.

Re:is that allowed on mobile APIs?

Wrong you can't uninstall Facebook on Verizon. Nor the Amazon MP3 app, or anything Verizon puts on their phones. Of course you can root your phone and uninstall anything at that point but that voids the warranty.

Re:is that allowed on mobile APIs?

[DMUTPeregrine]

It doesn't let you uninstall any "system" app. If you have root, Titanium Backup can convert these apps to "user" apps.

They deny it so its secret

Then why the denial? I don't believe anyone thought for a second that Facebook grabbed their location data, or worse, their contact lists and browser history.

Browser history? Thats surveillance. Just because Facebook can steal data (by deception or by lies its the same) and profit from selling it, doesn't make it any less bad.

Contact list? Did the people you contact agree to letting Facebook have their number? I don't think they did! Free or not they're not above the law.

Otherwise people shouldn't be surprised by this...

I kind of expect such behavior by big internet companies like Facebook, Google, Microsoft, Zynga, etc.

We've all read the line "If You're Not Paying for It; You're the Product" and it's true.

It's just a shame that these comapnies don't tell/warn/notice the users clearly before they sign up and while they are using their services about what's going on behind the people's backs.

There should be something along the lines of...

"Dear Sindy, the reason why that third-party company is sending you advertisment about hepres treatment products might be, because we found out about it during your messaging with Jenny and we thought that we should sell your information, which you would probably want to remain private, to the company paying us the most, which is specialised in treating herpes. It's a win-win situation for both of us. Best regards, your Facebook-Privacy-Team"

Well yeah.

[TheSpoom]

I stopped using and uninstalled the Facebook Android app when I saw that it was turning on my phone's GPS as soon as I opened it. Sorry, but there's no legitimate reason for the GPS to be on all the time in this app's context.

Oh well

[slasho81]

Just add this complaint along with any other complaint you have regarding Facebook over here. This makes ignoring Facebook issues much more efficient.

at least with CM7

I can restrict facebooks' acess to my message. restricting the gps causes the app to crash though.

Why aren't the apps properly sand-boxed?

[scorp1us]

I think I should be able to go in and modify any app's permissions after the fact. The "accept permissions" button should only set those requested permissions as default, then I should have an app that can revoke them. Currently the app developer gets all the power because people don't know what the permissions tie to and how they actually get used/abused. Such an ability would make app authors think twice...

Re:Why aren't the apps properly sand-boxed?

• Root your Android
• Get Gemini App Manager (Or something else that can change auto run permissions per event)
• Get Permissions to actually change permissions.
• Watch the apps crash since not obtaining the permissions is a fatal error.

Re:Why aren't the apps properly sand-boxed?

Or just use PDroid, you can restrict permissions easily and apps WONT crash...

Re:Why aren't the apps properly sand-boxed?

[downhole]

Cyanogenmod lets you do exactly that. I'm running it on my HTC Thunderbolt, and as soon as I read this, I went in, saw that the Facebook app does indeed request full SMS permissions (read, write, send, and receive), and turned them all off. The app hasn't complained so far. Still, it would be nice if it was an OS default option instead of requiring that you install a third-party ROM, which isn't possible on a lot of phones and will break other things on many of them.

NHave you seen the permissions?

[Drakin020]

Have you seen the permissions the Facebook App has on the HTC Rezound? (And I'm sure on other phones.) Oh BTW you cant actually remove the FB App from this phone unless you root it.

This is exactly what it says on my phone...

Permissions: This application can access the following on your phone.

- Your personal information
Read contact data, write contact data

-Services that cost you money
Send SMS Messages

-Your messages
Edit SMS or MMS, read SMS or MMS, receive SMS

-Your location
fine(GPS) location

-Network communication
full Internet access

-Your accounts
act as an account authenticator, manage the accouns list

-Storage
modify/delete SD card contents

-Phone calls
read phone state and identity

-System Tools
prevent phone from sleeping, write sync settings

Re:NHave you seen the permissions?

>Oh BTW you cant actually remove the FB App from this phone unless you root it.
I think my brain just threw up.

What an untrustworthy pile of shit device.

Re:NHave you seen the permissions?

Anything you can't uninstall with the same permissions you needed for install should be by definition Malware. Ditto if the same user-level can't disable it.

This is a rootkit. It might not technically have root, but it functionally does by having privilages superior to the installer.

Re:NHave you seen the permissions?

[robmv]

Hopefully the update to Android 4.0 is not delayed too much for that phone. With 4.0 you can disable entirely an application, even base applications and those added to the ROM by the manufacturer

One browser per evil mega-corporation

[colfer]

As long as the # of decent browsers surpasses the # of evil mega-corporation web services I want to use I guess I have some privacy. Fifteen years ago there were two browsers and both were broken, either by crashes or security. Now we're in a golden age of good browsers. The only way the evil megas can break browser separation would be by IP, which is fuzzy, or by Flash cookies, which I hope are not shared across browser. (Or by behavioral analysis, also fuzzy.)

Mozilla even has two browsers you can install with the profiles automatically separate and runnable simultaneously: FF and Seamonkey. Same should be true of Chrome and Chromium. Opera is fast, Safari is special, IE is ok these days.

Re:One browser per evil mega-corporation

[zzyzyx]

You can also run several Firefox profiles simultaneously if you start it with the -no-remote option.

Re:One browser per evil mega-corporation

As far as I know, Flash cookies are shared between browsers. Ore more accurately, they are not managed by the browser, but by the Flash player itself.

My personal information is intellectual property

Facebook is committing a copyright violation.

The real problem

[A+beautiful+mind]

The real problem is that common applications request almost all of the permissions from the phone when the user installs them, to provide full functionality (importing contacts, etc.). The user's choice is between not installing the app and giving it those permissions.

What should be happening instead is: make the permissions user selectable, to be able to install the facebook app, but to prevent it from accessing anything I don't want. The app store / market rules should mandate that applications cope with the degradation of priviledges gracefully. The OS/app should display a popup when the user tries to do something that requires priviledges the app doesn't have, along the lines of "do you want to grant permission x to this application? [just this once] / [yes] / [no] / [don't ask again]"

Re:The real problem

[compgenius3]

Alternatively, the core Android APIs should provide a null data set when the app hasn't been granted permissions to a particular resource, and normal rules of error checking your data apply. I've written a few Android apps and can easily see how the Android permission system is broken. For example, when verifying an app purchase with the Google Market API, Google suggests using some unique identifier to encrypt the data store:

[...] the Policy must always obfuscate the data before storing it, using a key that is unique for the application and device. Obfuscating using a key that is both application-specific and device-specific is critical, because it prevents the obfuscated data from being shared among applications and devices.

However, in order to get a truly device-specific identifier requires extra permissions:

Note that, depending on the APIs you use, your application might need to request additional permissions in order to acquire device-specific information. For example, to query the TelephonyManager to obtain the device IMEI or related data, the application will also need to request the android.permission.READ_PHONE_STATE permission in its manifest. Before requesting new permissions for the sole purpose of acquiring device-specific information for use in your Obfuscator, consider how doing so might affect your application or its filtering on Android Market (since some permissions can cause the SDK build tools to add the associated ).

So it's easy to see how permissions can be declared for something innocuous but used for something nefarious.

Murdoch's not so bad

[Comboman]

This Sunday Times article is just the latest in a string of Rupert Murdoch media outlets (mostly the Wall Street Journal) posting exaggerated and questionably-researched stories about "hacking scandals" at large internet companies like Facebook, Google, Microsoft, etc. The strategy seems to be to distract the public from real hacking scandals at News of the World and other Murdoch owned properties and make it appear that hacking is a normal activity for successful companies. What, you thought that scandal was old news? More details continue to get out (despite Murdoch's attempts to cover it up).

Something Related

[anand78]

In my trip to India last month, I was using a crappy phone to surf the Internet. I thought google used SSL or some obfuscation but I was surprised when I started getting emails from Indian sites.The problem is not just limited to Apps but on a broader scale ISP's snoop on you.

I have a simple solution.

[GNUALMAFUERTE]

Don't use facebook. I've never had facebook, or orkut, or twitter, or any of that crap.

I use the internet in just about the same way I used it when I was a kid, except now I use SSH instead of Telnet, and SCP instead of FTP. I use the web to retrieve information, as was its original purpose, and of course as a replacement for USENET. Why people find the need to use all of this new crappy services offered over the web? Why do they find the need to register to every new stupid service they find? Now most of the web requires some stupid registration. Fuck, every stupid blog or forum requires registration to view download links! I use bugmenot.

If you enjoy your privacy, LOG THE FUCK OUT. You don't need it to begin with. It ain't that fucking difficult, why do we keep having this conversation every other day?

Re:I have a simple solution.

Because people seem to think they'll miss some important event happening, when reality is all they'd likely ever miss is juicy tidbits about what their acquaintance they aren't really close to is having for lunch today or how their digital timesink farm is doing.

But then again getting off facebook and emailing them asking for them to directly send every mundane update about their lives would just seem weird.

Re:My personal information is intellectual propert

Read the Terms of Service. When you signed up you licensed your intellectual property to Facebook.

Uninstalled!

[ninsega]

Seriously guys, only use Facebook as a fancy Harry Potter-styled phonebook.

Facebook denies ...

[golodh]

When I read "Facebook denies [...]" I thought "Well, that makes it official then. Lets see what it is that they are denying."

"Never believe anything until it has been officially denied" (the right hon. J. Hacker.)

How much I may hate Facebook...

[vikingpower]

( and I do ! ), this is simply below all levels of verifiability. "Is being accused of...", "...denies....", "...according to...( behind paywall ).... ". And then the same Sunday Times article suddenly becomes a "report". C'mon. Show us facts, bare, hard, naked facts. Not allegations. Slow news day, Slashdot ?

Re:How much I may hate Facebook...

Slow news day, Slashdot ?

aka every day on Slashdot

This is not insightful - it is factual wrong!

See other replies here, unfortunately only the wrong claim from the Google apologist is modded up as this is Slashdot and we still cling to the idea that Google are better than others, especially Facebook.

I got rid of my smartphone

[Nyder]

The problem is the smartphone. What you have is a little computer, holding lots of your data, that has wifi, 3G, 4G, LTE, LSD, and of course, 2G. It's a walking smorgasbord of personal data about you.

And what do you do with it? You download app after app, to make it so you can do stuff easier, while letting these "apps" have access to your data. Your personal data. Sure, the corporations, who makes their money off your personal data, are going to say they aren't "reading" your text messages, your email, or any other data they can get access to on your smartphone?

Are you people stupid or just blind?

I got rid of my smartphone. got me a cheap cellphone to do what a cellphone is best for. making phone calls on the go.

Truth is, smartphone is for dumb people. think on that.

BlackBerry not affect?

[acoustix]

I just checked the permissions of the Facebook app on my BlackBerry (9930 running 7.1) and it does not give the FB app access to any of my messages.

Not too shabby for a supposedly dead platform.

Why dont just use Twitter

Facebook always make something that does not seem quite right. I only use it for educational purpose
http://radeocore.blogspot.com/

Facebook: gone!

[DogDude]

I didn't even think about this when I installed Facebook's app onto my Windows Phone. It's really just as easy to just use the regular web version.

Re:Facebook: gone!

Windows phone doesn't let any app access text messages. You don't need to uninstall it if that's your concern.

Re:Facebook: gone!

[DogDude]

That's good to know! I just have to wonder if my apps can access all of my other stuff (contacts, phone history, etc.). There's not a lot of security info in the Windows 7.5 Phone stuff, but if it's because it's locked down, that's fine by me, too.

The Government App

Why didn't the government make "The Government App" and have it pre-installed on all phones? Would have made warrantless wiretaps much easier.

Re:The Government App

Why didn't the government make "The Government App" and have it pre-installed on all phones? Would have made warrantless wiretaps much easier.

Why do you think it didn't? Because it doesn't show up?

Verification is simple

[Mojo66]

Just write a text message saying "I'll destroy the US" and wait for the DHS.

users get what they deserve seriously

[dell623]

Apple considers their users too stupid to know such important details like whether an app can access all your data. Android pops up a nice dialog - when I thought I'll try out the Facebook app, it said it can access my contacts, sms messages and pretty much everything. I said fuck no, and never installed the app. Also the reports from friends with iPhones that as soon as you install the facebook app the first thing it does is to upload all the phone numbers from your contact list to facebook. People who did install the app have themselves to blame. And yes I am aware Google has access to all this info. I have reason to trust Google more, if just for the reason that every time Google accesses your info, you get told that it is about to do so. Google have always been a million times more transparent about what they do with personal info even if they are far from perfect.

PS: I just compared Google+ and Facebook apps on Android. Google+ does not require access to SMS messages, whereas facebook can do pretty much anything. They can both read phone state, including which number you are calling, however it seems they cannot read the call log, which is a bit more important. Still a bit worrying, but as I said before, Google could do this anyway and I trust Google more than Facebook.

Re:users get what they deserve seriously

[petteyg359]

CyanogenMod adds this nice feature where you can selectively disable permissions. Facebook does not have access to my messages.

FB = failing big

[GRXGC]

facebook is doing a lot that people do not like. they do not care. they will not change and that's a problem. HUGE problem. Timeline: terrible. privacy: not private. they still have those cookies that track you even when you sign out. you have to think, Mark Z hacked Harvard's computer system, was successful and hired hackers as his first staff when facebook was blossoming. THEY ARE HACKERS. They are so good that they not only change their base code for the site, they created their own language for FB. That's nuts and scary. the thing that i hate the most, is the fact that law enforcement is allowed to send warrants via txt and inbox on FB. That alone, constitutionally violates peoples' rights. police and federal law enforcement do not have a face or leg to stand on in our online lives, because anonymity reigns online more than sensitive personal info. that is what is going to be a topic of discussion throughout the year. that is what will define the actual valuation of FB: privacy, cookie tracking after logout and the police. these things have to be marginalized, no matter what. that's just me.

Red Flags

Am I the only one who has adamantly refused to update the facebook app ever since it began requesting SMS/MMS permissions? I recently found out my wife hasn't either, and noticed it and decided on her own, not because I pointed it out.

Protip: If an app requests a permission, assume they'll abuse it. Let the answer to the question "am I ok with that?" also be the answer to "should I download/update this app?"

When the time comes when I buy a new phone that comes stock with an SMS/MMS reading version of FB, I'll be looking into Cyanogen for the express purpose of being able to remove the Facebook app.

belts for men

gucci belts, gucci belts for men, lv men's belts, lv belts on sale, gucci belt, mens gucci belts