Slashdot Mirror

← Back to Stories (view on slashdot.org)

Facebook Denies Accessing Users' Text Messages

Posted by samzenpus on from the it-was-the-other-guys dept.

quantr writes "Facebook is being accused of snooping on its users' text messages, but the social network says the accusations are inaccurate and misleading. The company is among a wide-ranging group of Web entities, including Flickr and YouTube, that are using smartphone apps to access text message data and other personal information, according to a Sunday Times report (behind a paywall). The newspaper said Facebook 'admitted' to reading users' text messages during a test of its own messaging service. The report also says information such as user location, contacts list, and browser history are often accessed and sometimes transmitted to third-party companies, including advertisers."

94 of 130 comments (clear)

  1. Worst? by SJHillman · · Score: 4, Informative

    What's worse? The the fact that they have to deny these kind of accusations or the fact that they're probably lying?

    1. Re:Worst? by Anonymous Coward · · Score: 5, Insightful

      The fact that any old app can apparently access your contacts, text messages and browser history.

    2. Re:Worst? by cpotoso · · Score: 3, Insightful

      Mod parent up. It is really a very big design flaw (on purpose?) of ios and android. Should not be up to the apps to decide whether they can access private data.

    3. Re:Worst? by Enderandrew · · Score: 5, Informative

      With iOS, apps just simply have access to this data by default. With Android, for each app you have to specifically grant access to these things while installing the app.

      --
      http://blindscribblings.com - Tasty pop-culture in conceptual fashion.
    4. Re:Worst? by Anonymous Coward · · Score: 1

      On android, it pops up a warning at install time. I'm sorry, but if you didn't know facebook app accesses that info, who's fault is that? It's very clear that it requires access to every bit of personal info on your phone, down to your inbox if I recall correctly. It's why I don't have facebook installed on my phone, and why I refuse to upgrade several apps, I don't feel they need that level of access, so I don't let them on my phone.

    5. Re:Worst? by Anonymous Coward · · Score: 2, Insightful

      With Android, for each app you have to specifically grant access to these things while installing the app.

      And that is the flaw. The right way of doing it is to let the user grant apps rights to individual resources, possibly temporarily.

    6. Re:Worst? by Anonymous Coward · · Score: 5, Informative

      Many smartphones come with facebook pre-installed. I had to root my phone to uninstall it.

    7. Re:Worst? by PopeRatzo · · Score: 4, Interesting

      What's worse? The the fact that they have to deny these kind of accusations or the fact that they're probably lying?

      You know when a corporation says "the accusations are inaccurate and misleading" that they are guilty as hell.

      How hard is it to say, "No, we never, ever access private messages or contact information for any reason"?

      It's like when a politician says, "To be perfectly honest..." Somebody needs to hit the crash cymbals whenever those words are spoken, to indicate ALERT! LIE COMING....

      --
      You are welcome on my lawn.
    8. Re:Worst? by evilRhino · · Score: 4, Insightful

      Since android is open source, there are ROMs that actually add this functionality to the OS. It was available on Cyanogenmod 7.1.0, for example.

    9. Re:Worst? by SJHillman · · Score: 3, Funny

      But then how would we hear the politicians over the constant crashing of cymbals? On the bright side, assassins would no longer need silencers.

    10. Re:Worst? by TheRaven64 · · Score: 4, Insightful

      The problem is, with the stock android install unlike, for example, Symbian, you can't just say 'no, the app can't have this permission but install it anyway'. I was looking for an app to read QR codes a while ago. The first five I found on the market all required full access to my address book. WTF? I skipped installing them, but I'm sure that they'd have worked without this capability. The other big UI problem is that the apps don't say WHY they need these privileges.

      --
      I am TheRaven on Soylent News
    11. Re:Worst? by ommerson · · Score: 1

      In iOS, applications don't have a lot of access to personal data to start with - and certainly not to read SMS (although apps can send using an Apple sanction UI only). They do have access to the contents of the address book, but this is looks likely to change soon.

    12. Re:Worst? by Enderandrew · · Score: 1

      You can however decide not to install the app if you don't want it to have access to whatever it is requesting.

      --
      http://blindscribblings.com - Tasty pop-culture in conceptual fashion.
    13. Re:Worst? by Enderandrew · · Score: 1

      They have access to my photos, videos, calendar and contacts that I know of. I consider that a lot of personal data. But I don't know which apps have access to what on iOS, where as I can see that per app with Android.

      --
      http://blindscribblings.com - Tasty pop-culture in conceptual fashion.
    14. Re:Worst? by L4t3r4lu5 · · Score: 1

      1) Root phone.
      2) Install granular permission control app.
      3) Deny apps permissions you don't agree with.

      Cyanogenmod 7.1 has granular app control built in, or you can use a 3rd party app like LBE Privacy Guard.

      Don't use an Android device? Sorry, no advice for you. <trollface>I guess being able to control your device is important after all.</trollface>

      --
      Finally had enough. Come see us over at https://soylentnews.org/
    15. Re:Worst? by Volvogga · · Score: 2

      The first five I found on the market all required full access to my address book. WTF? I skipped installing them, but I'm sure that they'd have worked without this capability. The other big UI problem is that the apps don't say WHY they need these privileges.

      I'm not certain, but I think that some people are now putting QR codes onto their business cards that have their contact information embedded. I know one person that has a QR code that takes your phone to his website, but was thinking about trying to get the business card reprinted with his information in VCard format within the QR code instead. I'm guessing that was the reason for the address book permissions (to add to it, not to read it), and that if you had that application, you could add a contact instantly.

      I agree on a need for reasoning why certain privileges are needed. Most of them are easy to figure out (if it is a free app, chances are it has ads... thus needing internet access), but a few of them are weird, like your QR code scanner issue there. Personally, whenever I run across a weird permission request, I look back to the description or change-log of the application. If the developer has documented why the permission is necessary in either of these locations, I feel fairly confident that they are trustworthy.

      --
      Vol~
    16. Re:Worst? by Nemesisghost · · Score: 1

      The other big UI problem is that the apps don't say WHY they need these privileges.

      This is the biggest problem I have with the way the permissions are done. I can never tell why various apps require the different permission sets. I want to know why that game I installed needs my address book or the ability to make phone calls. What is it going to do? Call my friends & tell them I just passed the 2nd level?

    17. Re:Worst? by mlts · · Score: 1

      I'd say LBE Privacy Guard + DroidWall make an excellent defense, something that can be said to tip the scales in favor for Android, assuming a clued user and a rooted phone.

      iOS has/had Firewall IP, but not sure if that has been updated to keep up with the latest iOS 5 vagaries. It also requires a jailbreak, which can be daunting, come iOS 5.1 and forced upgrades on restores. So, unless one gets that working, the only way to tell that an app is slurping from the message logs is to have the phone on a wireless connection with a packet sniffer.

      For a non-clued Android user, the best thing to do is read the permissions. If a fleshlight app is wanting full access to contacts, phone history, etc... find another one.

    18. Re:Worst? by Dishevel · · Score: 2

      Why should you have that power.
      If I write an app and to pay for it I put ads out you have the right to install it or not.
      As long as it is made clear what I have access to, If you do not like it then do not install my app.
      Being able to install my app in any way you want on a free app is not a "right" that you have.
      You are really going to blame Android for telling you what an ap wants and asking if you really want the program?

      How much are you paid to make Android seem the same as iOS here?

      --
      Why is it so hard to only have politicians for a few years, then have them go away?
    19. Re:Worst? by Dishevel · · Score: 1

      Also the reason that a QR code reader may want full access to your contacts list is because most of them will read contact QR code. One click and full contact information for a person is added to you list.

      --
      Why is it so hard to only have politicians for a few years, then have them go away?
    20. Re:Worst? by ommerson · · Score: 1

      I think the point here is that whilst applications do indeed have access, this is often mediated through Apple's user-interface in each case - which I suspect you'll find is actually provided by another process within a different sandbox. This means that rogue applications are not hoovering up your data without user-interaction.

    21. Re:Worst? by Rob+the+Bold · · Score: 2

      The first five I found on the market all required full access to my address book. WTF? I skipped installing them, but I'm sure that they'd have worked without this capability. The other big UI problem is that the apps don't say WHY they need these privileges.

      I'm not certain, but I think that some people are now putting QR codes onto their business cards that have their contact information embedded.

      I have seen an actual instance of this: a local magazine publisher here prints his business card in the mags he publishes and it contains a QR code with his contact info. If an app could write to the contact list, it could add that information automatically.

      But on the other hand, QR codes can be used for other data, too, so an app should be installable with or without this privilege.

      But on the third hand, if an app can't to something that it promises, or it gives the user an error message stating that it doesn't have permission to do something, then the publisher is looking at a possible tech support request. A user could have forgotten that he denied access to contact list for this app, and then try to get help. The publisher is going to want to keep this to a minimum, since tech support requests eat up resources. So just not installing the application is a simple way to statistically reduce this cost. So while I don't like it, I can see at least one thing that motivates a publisher to take this route.

      --
      I am not a crackpot.
    22. Re:Worst? by arisvega · · Score: 1

      The report also says information such as user location, contacts list, and browser history are often accessed and sometimes transmitted to third-party companies, including advertisers.

      That also caught my attention- location, contacts list and browser history, all to third-party advertisers: well, I think they are pushing it, and that people should either use a firewall (I'm no smart phone expert but I really hope there exists a firewall) or not install the app at all- can't one just access facebook from a smartphone's browser? Why would you need an app, especially if they spy on you in such a greedy and disrespectful way?

      --
      The three laws of thermodynamics:(1) You can't win. (2) You can't break even. (3) You can't even quit.
    23. Re:Worst? by Anonymous Coward · · Score: 1

      The fact that any old app can apparently access your contacts, text messages and browser history.

      The Facebook app has a legitimate reason to read/write your contact data. It includes a feature that allows to to sync your contacts on your phone with your facebook contacts. It would be great, for example if it automatically updated the contact photos on my phone for my facebook friends using their profile picture on facebook. (I think Motoblur does this, for example.)

      However, the way facebook implemented it was rather messed up. They didn't store the contacts with the regular contact data. So, if you uninstall the facebook app, those contacts disappear. In other words, Facebook wanted to import your contact data, but not allow you to export your facebook contact data to other apps on your phone. That is why Google removed Facebook's ability to do this on the Nexus S and plans to do it for future flagship phones as well.

      See: http://www.androidguys.com/2011/02/23/google-drops-facebook-sync-nexus/

    24. Re:Worst? by Nirvelli · · Score: 2

      Yes, but most apps are written incorrectly (they don't ask for permissions in a try/catch block), so for example when I told my ROM not to let Facebook access my GPS, the Facebook app would simply crash on opening.
      This will only really work if it's a standardized OS-wide feature.

    25. Re:Worst? by Avtar · · Score: 1

      It is in Cyanogenmod 7. In my experience, apps do not handle have permissions removed gracefully, and often crash. If you need to use an app there are times when there is no option but to grant access.

    26. Re:Worst? by Calos · · Score: 3, Informative

      Look for:
      LBE Privacy Guard
      Permissions Denied

      --
      I vote based on politicians' actions, unless contrary to my preconceptions. Often wrong, never uncertain. #iamthe99%
    27. Re:Worst? by Nirvelli · · Score: 1

      Wow, I rescind my previous statement, LBE is basically exactly what I want. And it doesn't crash things. Thanks. This right here should be built-in functionality.

    28. Re:Worst? by LoudNoiseElitist · · Score: 1

      That game needs access to your dialer so that it can be paused whens someone calls you. I agree that the warning is misleading, and I believe it's something the Android developers are working on.

    29. Re:Worst? by LoudNoiseElitist · · Score: 2

      Fleshlight app? They make those now? Awesome.

    30. Re:Worst? by kiwimate · · Score: 1

      Actually, I'd say it's that you're verging on libel and Slashdot is modding you +5 informative.

    31. Re:Worst? by truedfx · · Score: 1

      That's why plenty of free apps want network access. But how is access to the user's contacts required for displaying ads?

    32. Re:Worst? by Anonymous Coward · · Score: 1

      It amuses me how your definition of "written incorrectly" means "not written for a blatantly non-standard use of the Android environment". In NORMAL Android development, the developer can explicitly assume that if permission was NOT granted, the program will simply not exist on the phone. That is how it's designed.

      But, sorry that following the design is clearly "incorrect" by your cockamamie idealism. We'll try to anticipate the entire API being pulled out from under us next, because I'm sure you'll bitch about how clearly WRONG we all are because we didn't design Android apps to run on your Windows Phone 8 device.

    33. Re:Worst? by Dishevel · · Score: 2

      It is not.
      Not that I know of.
      The point I was making was that the programmer gets to determine what permissions he wants.
      The user gets to determine if he wants to give that stuff up to have the app.
      This is not only how it works but in reality it is exactly as it should work. The only times that you have problems are when a user screams "I did not read it!" or when a user screams "I want the stuff you made but I want it how I want it! Just give it to me anyway!".
      In both of those cases I am ok with the user getting screwed.

      --
      Why is it so hard to only have politicians for a few years, then have them go away?
    34. Re:Worst? by petsounds · · Score: 1

      That's changing in iOS 5.1 – users will have to explicitly allow address book access, just like they are prompted to do with GPS access today.

    35. Re:Worst? by Calos · · Score: 2

      Just be aware of the limitations of the model LBE uses. All root apps like it - including DroidWall, which I use as well - are by their very nature, leaky. If they crash and you don't realize it, they do nothing. If they fail to autostart and you don't realize it, they do nothing. In that small window between when Android boots and LBE/DroidWall autostart, they do nothing. The last case can be helped somewhat by startup managers.

      PDroid seeks to shore up those shortcomings, however, it is only available for some ROMs and phones as it makes changes to Android itself. It also only appears to be available on 2.3.x releases of Android. But the upside is that it is not leaky like root background apps, and doesn't crash apps like Cyanogenmod does.

      Actually, thanks for reminding me to look this up again. I'd forgotten about it, but would love to get it on my phone...

      --
      I vote based on politicians' actions, unless contrary to my preconceptions. Often wrong, never uncertain. #iamthe99%
    36. Re:Worst? by petsounds · · Score: 1

      Apple spokesperson: "We’re working to make this [protecting user privacy] even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release."

      http://allthingsd.com/20120215/apple-app-access-to-contact-data-will-require-explicit-user-permission/

      This was in answer to a Congressional inquiry (hopefully that inquiry will knock on Google's door as well).

      I imagine Apple has your UI concerns in mind are probably redesigning the interface to support multiple choice permission popups.

    37. Re:Worst? by truedfx · · Score: 1

      But users cannot sanely determine whether they should give the app permissions, unless the app explains why it wants those permissions. If I install a clock widget and it asks for permissions to send text messages to pay numbers, I don't trust it. If the clock description lists a feature to send text messages to another phone when a user-defined timer goes off, I might trust it. (And it would take more than just that description to make me trust it.)

    38. Re:Worst? by izomiac · · Score: 1

      A flaw. Personally, I used to allow Facebook access to my contacts because it's useful to have all my Facebook contacts synced with my phone. Only later did I learn that they upload your phone's whole address book and, by extension, your Google address book to Facebook.

      BTW, if you don't think you have a Facebook account, try to think if someone who uses Facebook has entered information about you into their phone book... I know I received a suggestion to friend someone because I used to have their contact information in my phone a year ago (deleted shortly thereafter), and they joined Facebook about a month ago (no other contact or friends in common).

    39. Re:Worst? by Dishevel · · Score: 1

      But users cannot sanely determine whether they should give the app permissions, unless the app explains why it wants those permissions.

      Yes they can.
      If I want an App and I have questions about why it needs certain permissions I can ask.
      Most market Apps have comments about permissions. Sometimes just looking I can get the answer. If I need to ask the developer then my download can wait till I have my answers.

      If I install a clock widget and it asks for permissions to send text messages to pay numbers, I don't trust it. If the clock description lists a feature to send text messages to another phone when a user-defined timer goes off, I might trust it. (And it would take more than just that description to make me trust it.)

      Exactly.
      I do not really know what your problem is. In 90% of my downloads a quick check of the permissions it asks for and the comments section lets me know if I should download or not. the other 10% might require a little effort on my part. If for some reason the app at its best in my mind is not worth the effort then "fuck it".
      I do not need to tell others how to run their shit.

      --
      Why is it so hard to only have politicians for a few years, then have them go away?
    40. Re:Worst? by cmdrbuzz · · Score: 1

      On iOS they do not have access to your photo's, video's or calendar's.

      They can however display browser requesting you to select a photo or a video and then manipulate the particular one you chose. They cannot access them outside of the defined API.
      This is one reason that all the "private photo" apps can only import pictures from iOS one by one, or by you uploading them via iTunes or the net etc.

    41. Re:Worst? by truedfx · · Score: 1

      You're lucky to easily figure out for 90% of your downloads. If I consider potential downloads (including the ones that I don't download because I can't figure out why it needs certain permissions), I don't even get to 50%, and at that point, it becomes enough of a pain to investigate each and every possibly useful app that I wish the default would be to have an explanation in the description.

    42. Re:Worst? by Dishevel · · Score: 1

      Sounds to me like on your phone developers that do a better job are more likely to be installed on your phone.
      So....
      Nothing broken here. All is working as intended.

      --
      Why is it so hard to only have politicians for a few years, then have them go away?
    43. Re:Worst? by Eth1csGrad1ent · · Score: 1

      How hard is it to say, "No, we never, ever access private messages or contact information for any reason"?

      Really, really hard. Because as soon as any company does this, some back office dweeb from the company pipes up with "actually, thats not technically correct..." and now they're openly lying about it. PR and politicians alike never want to talk in absolutes because it can only ever come back and bite them...

    44. Re:Worst? by L4t3r4lu5 · · Score: 1

      Look, can you people stop saying this as if it's something guaranteed.

      There are many hardware-firmware-Android combinations out there that just cannot be rooted. For example, Dell Streak 5 with Android 2.2

      So.. what now, smart guy?

      Caveat emptor. It's a foundation principle of Capitalism.

      --
      Finally had enough. Come see us over at https://soylentnews.org/
    45. Re:Worst? by Zebedeu · · Score: 1

      The problem is that Android offers apps no mechanism to ask for permissions after installation, like there was in, say, J2ME phones.

      So apps need to ask upfront for all permissions which they might need to support all of their features, even if some of those will never be used.
      In your QR code example, if the app features a way to, say add a contact from a QR code, or generate a code for a given contact in your address book, it must have that permission, even if most users will never need it.

      As an Android developer myself, I'd love to have a mechanism for asking for new permissions. It'd allow me to ask for fewer permissions upfront and make it clearer for the user why certain permissions are being requested.

    46. Re:Worst? by makomk · · Score: 1

      That sounds about right. Facebook really don't want anyone to have any way to stay in touch with their friends that doesn't go through Facebook.

    47. Re:Worst? by cynyr · · Score: 1

      What if my device has no GPS? what happens then? how about no 3g/4g/lte radio and therefore no contacts?

      --
      All of the above was encrypted with a Quad ROT-13 method. Unauthorized decryption is in violation of the DMCA.
    48. Re:Worst? by cynyr · · Score: 1

      How do i verify that the dev is being honest?

      Really as a user, what I would like is a "Verified by Google" program. Submit your app to google along with $5, google takes a look at it, and says, "yep doesn't do anything sneaky, etc" and gives it a filterable attribute to the app so I can see only those if I want.

      Maybe it should be $20 for the first submittal, and $5 for updates, seems like "git diff old_app new_app" would work well enough to simplify the looking at updates a lot.

      --
      All of the above was encrypted with a Quad ROT-13 method. Unauthorized decryption is in violation of the DMCA.
    49. Re:Worst? by cynyr · · Score: 1

      google googles can read QR codes, not sure which permissions it needs, but as google already has access to my contacts, I'm not sure i care about that one.

      --
      All of the above was encrypted with a Quad ROT-13 method. Unauthorized decryption is in violation of the DMCA.
    50. Re:Worst? by cynyr · · Score: 1

      I looked into doing this for my cards, but found out that android will not import contact info directly from a QR code, the best option is to link to a vcard, and the user can download that and then import it. So like 6 clicks to do that, I was hoping for "scan code -> "would you like to import this contact Y/N" -> Done"

      --
      All of the above was encrypted with a Quad ROT-13 method. Unauthorized decryption is in violation of the DMCA.
    51. Re:Worst? by TheRaven64 · · Score: 1

      If you actively choose to install and run spyware then no security system in the world can protect you.

      --
      I am TheRaven on Soylent News
  2. Why are people surprised? by mr1911 · · Score: 5, Insightful

    Facebook is a free service. Facebook users and their data are the commodity being sold to advertisers. The business model isn't a secret.

    There are two ways to grow revenue with this model. 1) Sign up more users. 2) Invade deeper into the user data so the data sold to advertisers is more relevant and worth more.

    --
    This post comes with a double-your-money-back guarantee!
    Any offense taken to this post is at your sole discretion.
    1. Re:Why are people surprised? by TubeSteak · · Score: 2

      People are surprised because they only expect the government to invade their privacy,
      not publicly traded corporations exceeding their authorized access.

      --
      [Fuck Beta]
      o0t!
    2. Re:Why are people surprised? by scorp1us · · Score: 3, Insightful

      Because there is the idea that what you enter into one app on your phone is not available to another app.
      If I accept the "terms of use" for facebook, I do not also consent to having them go through my text messages.
      When I turn off location services for facebook I do not expect them to still access my location.

      --
      Slashdot's rate-of-post filter: Preventing you from posting too many great ideas at once.
    3. Re:Why are people surprised? by Culture20 · · Score: 5, Insightful

      People are surprised because this is a cell phone app reading data that is irrelevant to the app's function. It would be like if Google had a picture editing program that sent google a snapshot of your entire filesystem directory listings. Surprising.

    4. Re:Why are people surprised? by stanlyb · · Score: 2

      Actually, that is what is happening right now, the government is accessing all the "public" information.

    5. Re:Why are people surprised? by phrostie · · Score: 5, Funny

      But the T in Facebook Stands for Trustworthy.

      Oh wait,,,.

    6. Re:Why are people surprised? by nahdude812 · · Score: 1

      Because there is the idea that what you enter into one app on your phone is not available to another app.

      And that is in fact the default operating method for both major smartphone platforms. But there's value in being able to share certain kinds of data between apps. For example, if you want to write a better SMS client, that task is pretty much impossible if the user has to recreate their entire contact list and loses all their existing SMS history. That's why (on Android at least) the app has to request permission for that access. Unfortunately your only choices are to grant every permission the app requests, or not install the app at all. So if Facebook asks for access to your SMS history, your choices are only to grant it or lose access to the reason most people have smartphones to begin with - broadcasting more detail about their life than anyone but them cares about.

      If I accept the "terms of use" for facebook, I do not also consent to having them go through my text messages.

      Have you read their terms? If you accepted them, you're giving them a lot more access than that.

      --
      Slay a dragon... over lunch!
    7. Re:Why are people surprised? by TheRealMindChild · · Score: 2

      FYI, "grow" isn't perfectly synonymous with "increase", AND you sound like a poser.

      --

      "When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
    8. Re:Why are people surprised? by Rob+the+Bold · · Score: 1

      Facebook is a free service. Facebook users and their data are the commodity being sold to advertisers. The business model isn't a secret.

      It's not really free. It's just harder to quantify what value you've exchanged for the service. Facebook certainly turns data into money.

      --
      I am not a crackpot.
    9. Re:Why are people surprised? by TallDarkMan · · Score: 1

      People are surprised because they only expect the government to invade their privacy

      I tend to disagree. Most people I run across look at you funny when you present the idea that the government is invading their privacy. In fact, most will deny it outright and argue that "the people" would never let anything like that happen (even though, it's already happening, and worse!)

      You have a nation of consumers, which means they all think in terms of "who can I go to when [whatever] doesn't work, is broken, is causing me inconvenience, etc. and when they find the company they're dealing with is doing questionable things, they think the government will be the one to correct the situation.

      Isn't that a great way to divert attention and control the sheeple?

      --
      Will draft for food...
  3. Smartphones by ciderbrew · · Score: 3, Insightful

    I wish I didn't install their app on my HTC ages ago. It's off now; but it did get the contact data from the phone! I only use the browser for FB now and no way am I installing that Malware again. - Events details locked in FB are a pain.

  4. is that allowed on mobile APIs? by Anonymous Coward · · Score: 1

    I've never programmed for mobile phones before, so I'm ignorant, but are the phone's SMS messages even available in the APIs given to mobile developers to use for creating 3rd party apps? Even if it is available in the API, surely the phone OS would pop up a warning and force you to confirm approval.

    I was skeptical when I read this story for that reason.

    1. Re:is that allowed on mobile APIs? by colfer · · Score: 3, Interesting

      Android phones in the U.S. come with apps that cannot be deleted, depending on the service. Typically: Facebook, Twitter. You can choose to decline updates, but you cannot remove the app. Look at the comments on this app: https://market.android.com/details?id=com.virginmobileusa.vmlive&hl=en Of them 90% are along the lines of this one: "This program is garbage I wish I could get this crap off my phone."

    2. Re:is that allowed on mobile APIs? by Enderandrew · · Score: 3, Informative

      Android doesn't do this. Certain carriers push out custom versions of Android where a small handful of the shovel-ware apps can't be deleted. But Facebook and Twitter can be deleted on all the major carriers (Sprint, AT&T, T-Mobile, Verizon).

      However, you can always root your phone if you really want to delete these shovel-ware apps.

      --
      http://blindscribblings.com - Tasty pop-culture in conceptual fashion.
    3. Re:is that allowed on mobile APIs? by evilRhino · · Score: 1

      Almost every Android phone also has the ability to install a custom ROM that does not include any extra apps, including the google ones.

    4. Re:is that allowed on mobile APIs? by wannabgeek · · Score: 2, Informative

      Google's stock Android doesn't let you uninstall Facebook, Twitter, Amazon MP3 and even Google Books. I'm talking Ginger Bread on Nexus One - so it's not imposed by any carrier. It gets into some weird situations as well - since I'm in India and currently Google Books is not available for India, it won't let me install any updates, but it still shows me update notifications, and would not let me uninstall the app. It sucks, especially since app storage is really small and precious on these old phones.

      --
      I'm much more funny, interesting and insightful than the moderators think
    5. Re:is that allowed on mobile APIs? by pongo000 · · Score: 1

      Android doesn't do this. Certain carriers push out custom versions of Android where a small handful of the shovel-ware apps can't be deleted. But Facebook and Twitter can be deleted on all the major carriers (Sprint, AT&T, T-Mobile, Verizon).

      Not true on AT&T. Just tried it on my SGS2, Facebook is still there.

    6. Re:is that allowed on mobile APIs? by DMUTPeregrine · · Score: 1

      It doesn't let you uninstall any "system" app. If you have root, Titanium Backup can convert these apps to "user" apps.

      --
      Not a sentence!
  5. Otherwise people shouldn't be surprised by this... by Anonymous Coward · · Score: 1

    I kind of expect such behavior by big internet companies like Facebook, Google, Microsoft, Zynga, etc.

    We've all read the line "If You're Not Paying for It; You're the Product" and it's true.

    It's just a shame that these comapnies don't tell/warn/notice the users clearly before they sign up and while they are using their services about what's going on behind the people's backs.

    There should be something along the lines of...

    "Dear Sindy, the reason why that third-party company is sending you advertisment about hepres treatment products might be, because we found out about it during your messaging with Jenny and we thought that we should sell your information, which you would probably want to remain private, to the company paying us the most, which is specialised in treating herpes. It's a win-win situation for both of us. Best regards, your Facebook-Privacy-Team"

  6. Well yeah. by TheSpoom · · Score: 4, Interesting

    I stopped using and uninstalled the Facebook Android app when I saw that it was turning on my phone's GPS as soon as I opened it. Sorry, but there's no legitimate reason for the GPS to be on all the time in this app's context.

    --
    It's better to vote for what you want and not get it than to vote for what you don't want and get it.
    - E. Debs
  7. Oh well by slasho81 · · Score: 2

    Just add this complaint along with any other complaint you have regarding Facebook over here. This makes ignoring Facebook issues much more efficient.

  8. Why aren't the apps properly sand-boxed? by scorp1us · · Score: 5, Insightful

    I think I should be able to go in and modify any app's permissions after the fact. The "accept permissions" button should only set those requested permissions as default, then I should have an app that can revoke them. Currently the app developer gets all the power because people don't know what the permissions tie to and how they actually get used/abused. Such an ability would make app authors think twice...

    --
    Slashdot's rate-of-post filter: Preventing you from posting too many great ideas at once.
    1. Re:Why aren't the apps properly sand-boxed? by Anonymous Coward · · Score: 1

      Or just use PDroid, you can restrict permissions easily and apps WONT crash...

    2. Re:Why aren't the apps properly sand-boxed? by downhole · · Score: 1

      Cyanogenmod lets you do exactly that. I'm running it on my HTC Thunderbolt, and as soon as I read this, I went in, saw that the Facebook app does indeed request full SMS permissions (read, write, send, and receive), and turned them all off. The app hasn't complained so far. Still, it would be nice if it was an OS default option instead of requiring that you install a third-party ROM, which isn't possible on a lot of phones and will break other things on many of them.

      --
      I don't reply to ACs
  9. NHave you seen the permissions? by Drakin020 · · Score: 2

    Have you seen the permissions the Facebook App has on the HTC Rezound? (And I'm sure on other phones.) Oh BTW you cant actually remove the FB App from this phone unless you root it.

    This is exactly what it says on my phone...

    Permissions: This application can access the following on your phone.

    - Your personal information
    Read contact data, write contact data

    -Services that cost you money
    Send SMS Messages

    -Your messages
    Edit SMS or MMS, read SMS or MMS, receive SMS

    -Your location
    fine(GPS) location

    -Network communication
    full Internet access

    -Your accounts
    act as an account authenticator, manage the accouns list

    -Storage
    modify/delete SD card contents

    -Phone calls
    read phone state and identity

    -System Tools
    prevent phone from sleeping, write sync settings

    --
    The greatest revenge in life is massive success.
    1. Re:NHave you seen the permissions? by robmv · · Score: 1

      Hopefully the update to Android 4.0 is not delayed too much for that phone. With 4.0 you can disable entirely an application, even base applications and those added to the ROM by the manufacturer

  10. One browser per evil mega-corporation by colfer · · Score: 1

    As long as the # of decent browsers surpasses the # of evil mega-corporation web services I want to use I guess I have some privacy. Fifteen years ago there were two browsers and both were broken, either by crashes or security. Now we're in a golden age of good browsers. The only way the evil megas can break browser separation would be by IP, which is fuzzy, or by Flash cookies, which I hope are not shared across browser. (Or by behavioral analysis, also fuzzy.)

    Mozilla even has two browsers you can install with the profiles automatically separate and runnable simultaneously: FF and Seamonkey. Same should be true of Chrome and Chromium. Opera is fast, Safari is special, IE is ok these days.

    1. Re:One browser per evil mega-corporation by zzyzyx · · Score: 1

      You can also run several Firefox profiles simultaneously if you start it with the -no-remote option.

  11. The real problem by A+beautiful+mind · · Score: 2

    The real problem is that common applications request almost all of the permissions from the phone when the user installs them, to provide full functionality (importing contacts, etc.). The user's choice is between not installing the app and giving it those permissions.

    What should be happening instead is: make the permissions user selectable, to be able to install the facebook app, but to prevent it from accessing anything I don't want. The app store / market rules should mandate that applications cope with the degradation of priviledges gracefully. The OS/app should display a popup when the user tries to do something that requires priviledges the app doesn't have, along the lines of "do you want to grant permission x to this application? [just this once] / [yes] / [no] / [don't ask again]"

    --
    It takes a man to suffer ignorance and smile
    Be yourself no matter what they say
    1. Re:The real problem by compgenius3 · · Score: 1
      Alternatively, the core Android APIs should provide a null data set when the app hasn't been granted permissions to a particular resource, and normal rules of error checking your data apply. I've written a few Android apps and can easily see how the Android permission system is broken. For example, when verifying an app purchase with the Google Market API, Google suggests using some unique identifier to encrypt the data store:

      [...] the Policy must always obfuscate the data before storing it, using a key that is unique for the application and device. Obfuscating using a key that is both application-specific and device-specific is critical, because it prevents the obfuscated data from being shared among applications and devices.

      However, in order to get a truly device-specific identifier requires extra permissions:

      Note that, depending on the APIs you use, your application might need to request additional permissions in order to acquire device-specific information. For example, to query the TelephonyManager to obtain the device IMEI or related data, the application will also need to request the android.permission.READ_PHONE_STATE permission in its manifest. Before requesting new permissions for the sole purpose of acquiring device-specific information for use in your Obfuscator, consider how doing so might affect your application or its filtering on Android Market (since some permissions can cause the SDK build tools to add the associated ).

      So it's easy to see how permissions can be declared for something innocuous but used for something nefarious.

      --
      Sexual intercourse is kicking death in the ass while singing. ~Charles Bukowski
  12. Murdoch's not so bad by Comboman · · Score: 1, Interesting

    This Sunday Times article is just the latest in a string of Rupert Murdoch media outlets (mostly the Wall Street Journal) posting exaggerated and questionably-researched stories about "hacking scandals" at large internet companies like Facebook, Google, Microsoft, etc. The strategy seems to be to distract the public from real hacking scandals at News of the World and other Murdoch owned properties and make it appear that hacking is a normal activity for successful companies. What, you thought that scandal was old news? More details continue to get out (despite Murdoch's attempts to cover it up).

    --
    Support Right To Repair Legislation.
  13. Something Related by anand78 · · Score: 1

    In my trip to India last month, I was using a crappy phone to surf the Internet. I thought google used SSL or some obfuscation but I was surprised when I started getting emails from Indian sites.The problem is not just limited to Apps but on a broader scale ISP's snoop on you.

  14. Uninstalled! by ninsega · · Score: 1

    Seriously guys, only use Facebook as a fancy Harry Potter-styled phonebook.

  15. Facebook denies ... by golodh · · Score: 2
    When I read "Facebook denies [...]" I thought "Well, that makes it official then. Lets see what it is that they are denying."

    "Never believe anything until it has been officially denied" (the right hon. J. Hacker.)

  16. How much I may hate Facebook... by vikingpower · · Score: 2

    ( and I do ! ), this is simply below all levels of verifiability. "Is being accused of...", "...denies....", "...according to...( behind paywall ).... ". And then the same Sunday Times article suddenly becomes a "report". C'mon. Show us facts, bare, hard, naked facts. Not allegations. Slow news day, Slashdot ?

    --
    Religous speak to God. Insane are spoken to by God. When all shut up, one can finally hear Shostakovich in peace
  17. BlackBerry not affect? by acoustix · · Score: 1

    I just checked the permissions of the Facebook app on my BlackBerry (9930 running 7.1) and it does not give the FB app access to any of my messages.

    Not too shabby for a supposedly dead platform.

    --
    "A plan fiendishly clever in its intricacies"- Homer Simpson
  18. Facebook: gone! by DogDude · · Score: 1

    I didn't even think about this when I installed Facebook's app onto my Windows Phone. It's really just as easy to just use the regular web version.

    --
    I don't respond to AC's.
    1. Re:Facebook: gone! by DogDude · · Score: 1

      That's good to know! I just have to wonder if my apps can access all of my other stuff (contacts, phone history, etc.). There's not a lot of security info in the Windows 7.5 Phone stuff, but if it's because it's locked down, that's fine by me, too.

      --
      I don't respond to AC's.
  19. Verification is simple by Mojo66 · · Score: 1

    Just write a text message saying "I'll destroy the US" and wait for the DHS.

  20. users get what they deserve seriously by dell623 · · Score: 1

    Apple considers their users too stupid to know such important details like whether an app can access all your data. Android pops up a nice dialog - when I thought I'll try out the Facebook app, it said it can access my contacts, sms messages and pretty much everything. I said fuck no, and never installed the app. Also the reports from friends with iPhones that as soon as you install the facebook app the first thing it does is to upload all the phone numbers from your contact list to facebook. People who did install the app have themselves to blame. And yes I am aware Google has access to all this info. I have reason to trust Google more, if just for the reason that every time Google accesses your info, you get told that it is about to do so. Google have always been a million times more transparent about what they do with personal info even if they are far from perfect.

    PS: I just compared Google+ and Facebook apps on Android. Google+ does not require access to SMS messages, whereas facebook can do pretty much anything. They can both read phone state, including which number you are calling, however it seems they cannot read the call log, which is a bit more important. Still a bit worrying, but as I said before, Google could do this anyway and I trust Google more than Facebook.

    1. Re:users get what they deserve seriously by petteyg359 · · Score: 1

      CyanogenMod adds this nice feature where you can selectively disable permissions. Facebook does not have access to my messages.

  21. FB = failing big by GRXGC · · Score: 1

    facebook is doing a lot that people do not like. they do not care. they will not change and that's a problem. HUGE problem. Timeline: terrible. privacy: not private. they still have those cookies that track you even when you sign out. you have to think, Mark Z hacked Harvard's computer system, was successful and hired hackers as his first staff when facebook was blossoming. THEY ARE HACKERS. They are so good that they not only change their base code for the site, they created their own language for FB. That's nuts and scary. the thing that i hate the most, is the fact that law enforcement is allowed to send warrants via txt and inbox on FB. That alone, constitutionally violates peoples' rights. police and federal law enforcement do not have a face or leg to stand on in our online lives, because anonymity reigns online more than sensitive personal info. that is what is going to be a topic of discussion throughout the year. that is what will define the actual valuation of FB: privacy, cookie tracking after logout and the police. these things have to be marginalized, no matter what. that's just me.