Facebook Denies Accessing Users' Text Messages

← Back to Stories (view on slashdot.org)

Facebook Denies Accessing Users' Text Messages

Posted by samzenpus on Monday February 27, 2012 @02:38AM from the it-was-the-other-guys dept.

quantr writes "Facebook is being accused of snooping on its users' text messages, but the social network says the accusations are inaccurate and misleading. The company is among a wide-ranging group of Web entities, including Flickr and YouTube, that are using smartphone apps to access text message data and other personal information, according to a Sunday Times report (behind a paywall). The newspaper said Facebook 'admitted' to reading users' text messages during a test of its own messaging service. The report also says information such as user location, contacts list, and browser history are often accessed and sometimes transmitted to third-party companies, including advertisers."

36 of 130 comments (clear)

Min score:

Reason:

Sort:

Worst? by SJHillman · 2012-02-27 02:41 · Score: 4, Informative

What's worse? The the fact that they have to deny these kind of accusations or the fact that they're probably lying?
1. Re:Worst? by Anonymous Coward · 2012-02-27 02:51 · Score: 5, Insightful
  
  The fact that any old app can apparently access your contacts, text messages and browser history.
2. Re:Worst? by cpotoso · 2012-02-27 03:02 · Score: 3, Insightful
  
  Mod parent up. It is really a very big design flaw (on purpose?) of ios and android. Should not be up to the apps to decide whether they can access private data.
3. Re:Worst? by Enderandrew · 2012-02-27 03:09 · Score: 5, Informative
  
  With iOS, apps just simply have access to this data by default. With Android, for each app you have to specifically grant access to these things while installing the app.
  
  --
  http://blindscribblings.com - Tasty pop-culture in conceptual fashion.
4. Re:Worst? by Anonymous Coward · 2012-02-27 03:15 · Score: 2, Insightful
  
  With Android, for each app you have to specifically grant access to these things while installing the app.
  And that is the flaw. The right way of doing it is to let the user grant apps rights to individual resources, possibly temporarily.
5. Re:Worst? by Anonymous Coward · 2012-02-27 03:17 · Score: 5, Informative
  
  Many smartphones come with facebook pre-installed. I had to root my phone to uninstall it.
6. Re:Worst? by PopeRatzo · 2012-02-27 03:24 · Score: 4, Interesting
  
  What's worse? The the fact that they have to deny these kind of accusations or the fact that they're probably lying?
  You know when a corporation says "the accusations are inaccurate and misleading" that they are guilty as hell.
  How hard is it to say, "No, we never, ever access private messages or contact information for any reason"?
  It's like when a politician says, "To be perfectly honest..." Somebody needs to hit the crash cymbals whenever those words are spoken, to indicate ALERT! LIE COMING....
  
  --
  You are welcome on my lawn.
7. Re:Worst? by evilRhino · 2012-02-27 03:29 · Score: 4, Insightful
  
  Since android is open source, there are ROMs that actually add this functionality to the OS. It was available on Cyanogenmod 7.1.0, for example.
8. Re:Worst? by SJHillman · 2012-02-27 03:31 · Score: 3, Funny
  
  But then how would we hear the politicians over the constant crashing of cymbals? On the bright side, assassins would no longer need silencers.
9. Re:Worst? by TheRaven64 · 2012-02-27 03:35 · Score: 4, Insightful
  
  The problem is, with the stock android install unlike, for example, Symbian, you can't just say 'no, the app can't have this permission but install it anyway'. I was looking for an app to read QR codes a while ago. The first five I found on the market all required full access to my address book. WTF? I skipped installing them, but I'm sure that they'd have worked without this capability. The other big UI problem is that the apps don't say WHY they need these privileges.
  
  --
  I am TheRaven on Soylent News
10. Re:Worst? by Volvogga · 2012-02-27 04:05 · Score: 2
  
  The first five I found on the market all required full access to my address book. WTF? I skipped installing them, but I'm sure that they'd have worked without this capability. The other big UI problem is that the apps don't say WHY they need these privileges.
  I'm not certain, but I think that some people are now putting QR codes onto their business cards that have their contact information embedded. I know one person that has a QR code that takes your phone to his website, but was thinking about trying to get the business card reprinted with his information in VCard format within the QR code instead. I'm guessing that was the reason for the address book permissions (to add to it, not to read it), and that if you had that application, you could add a contact instantly.
  I agree on a need for reasoning why certain privileges are needed. Most of them are easy to figure out (if it is a free app, chances are it has ads... thus needing internet access), but a few of them are weird, like your QR code scanner issue there. Personally, whenever I run across a weird permission request, I look back to the description or change-log of the application. If the developer has documented why the permission is necessary in either of these locations, I feel fairly confident that they are trustworthy.
  
  --
  Vol~
11. Re:Worst? by Dishevel · 2012-02-27 04:13 · Score: 2
  
  Why should you have that power.
  If I write an app and to pay for it I put ads out you have the right to install it or not.
  As long as it is made clear what I have access to, If you do not like it then do not install my app.
  Being able to install my app in any way you want on a free app is not a "right" that you have.
  You are really going to blame Android for telling you what an ap wants and asking if you really want the program?
  How much are you paid to make Android seem the same as iOS here?
  
  --
  Why is it so hard to only have politicians for a few years, then have them go away?
12. Re:Worst? by Rob+the+Bold · 2012-02-27 04:19 · Score: 2
  
  The first five I found on the market all required full access to my address book. WTF? I skipped installing them, but I'm sure that they'd have worked without this capability. The other big UI problem is that the apps don't say WHY they need these privileges.
  I'm not certain, but I think that some people are now putting QR codes onto their business cards that have their contact information embedded.
  I have seen an actual instance of this: a local magazine publisher here prints his business card in the mags he publishes and it contains a QR code with his contact info. If an app could write to the contact list, it could add that information automatically.
  But on the other hand, QR codes can be used for other data, too, so an app should be installable with or without this privilege.
  But on the third hand, if an app can't to something that it promises, or it gives the user an error message stating that it doesn't have permission to do something, then the publisher is looking at a possible tech support request. A user could have forgotten that he denied access to contact list for this app, and then try to get help. The publisher is going to want to keep this to a minimum, since tech support requests eat up resources. So just not installing the application is a simple way to statistically reduce this cost. So while I don't like it, I can see at least one thing that motivates a publisher to take this route.
  
  --
  I am not a crackpot.
13. Re:Worst? by Nirvelli · 2012-02-27 04:41 · Score: 2
  
  Yes, but most apps are written incorrectly (they don't ask for permissions in a try/catch block), so for example when I told my ROM not to let Facebook access my GPS, the Facebook app would simply crash on opening.
  This will only really work if it's a standardized OS-wide feature.
14. Re:Worst? by Calos · 2012-02-27 04:44 · Score: 3, Informative
  
  Look for:
  LBE Privacy Guard
  Permissions Denied
  
  --
  I vote based on politicians' actions, unless contrary to my preconceptions. Often wrong, never uncertain. #iamthe99%
15. Re:Worst? by LoudNoiseElitist · 2012-02-27 05:28 · Score: 2
  
  Fleshlight app? They make those now? Awesome.
16. Re:Worst? by Dishevel · 2012-02-27 06:02 · Score: 2
  
  It is not.
  Not that I know of.
  The point I was making was that the programmer gets to determine what permissions he wants.
  The user gets to determine if he wants to give that stuff up to have the app.
  This is not only how it works but in reality it is exactly as it should work. The only times that you have problems are when a user screams "I did not read it!" or when a user screams "I want the stuff you made but I want it how I want it! Just give it to me anyway!".
  In both of those cases I am ok with the user getting screwed.
  
  --
  Why is it so hard to only have politicians for a few years, then have them go away?
17. Re:Worst? by Calos · 2012-02-27 06:58 · Score: 2
  
  Just be aware of the limitations of the model LBE uses. All root apps like it - including DroidWall, which I use as well - are by their very nature, leaky. If they crash and you don't realize it, they do nothing. If they fail to autostart and you don't realize it, they do nothing. In that small window between when Android boots and LBE/DroidWall autostart, they do nothing. The last case can be helped somewhat by startup managers.
  PDroid seeks to shore up those shortcomings, however, it is only available for some ROMs and phones as it makes changes to Android itself. It also only appears to be available on 2.3.x releases of Android. But the upside is that it is not leaky like root background apps, and doesn't crash apps like Cyanogenmod does.
  Actually, thanks for reminding me to look this up again. I'd forgotten about it, but would love to get it on my phone...
  
  --
  I vote based on politicians' actions, unless contrary to my preconceptions. Often wrong, never uncertain. #iamthe99%
Why are people surprised? by mr1911 · 2012-02-27 02:44 · Score: 5, Insightful

Facebook is a free service. Facebook users and their data are the commodity being sold to advertisers. The business model isn't a secret.

There are two ways to grow revenue with this model. 1) Sign up more users. 2) Invade deeper into the user data so the data sold to advertisers is more relevant and worth more.

--
This post comes with a double-your-money-back guarantee!
Any offense taken to this post is at your sole discretion.
1. Re:Why are people surprised? by TubeSteak · 2012-02-27 02:53 · Score: 2
  
  People are surprised because they only expect the government to invade their privacy,
  not publicly traded corporations exceeding their authorized access.
  
  --
  [Fuck Beta]
  o0t!
2. Re:Why are people surprised? by scorp1us · 2012-02-27 02:56 · Score: 3, Insightful
  
  Because there is the idea that what you enter into one app on your phone is not available to another app.
  If I accept the "terms of use" for facebook, I do not also consent to having them go through my text messages.
  When I turn off location services for facebook I do not expect them to still access my location.
  
  --
  Slashdot's rate-of-post filter: Preventing you from posting too many great ideas at once.
3. Re:Why are people surprised? by Culture20 · 2012-02-27 03:00 · Score: 5, Insightful
  
  People are surprised because this is a cell phone app reading data that is irrelevant to the app's function. It would be like if Google had a picture editing program that sent google a snapshot of your entire filesystem directory listings. Surprising.
4. Re:Why are people surprised? by stanlyb · 2012-02-27 03:01 · Score: 2
  
  Actually, that is what is happening right now, the government is accessing all the "public" information.
5. Re:Why are people surprised? by phrostie · 2012-02-27 03:03 · Score: 5, Funny
  
  But the T in Facebook Stands for Trustworthy.
  Oh wait,,,.
6. Re:Why are people surprised? by TheRealMindChild · 2012-02-27 04:11 · Score: 2
  
  FYI, "grow" isn't perfectly synonymous with "increase", AND you sound like a poser.
  
  --
  
  "When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
Smartphones by ciderbrew · 2012-02-27 02:50 · Score: 3, Insightful

I wish I didn't install their app on my HTC ages ago. It's off now; but it did get the contact data from the phone! I only use the browser for FB now and no way am I installing that Malware again. - Events details locked in FB are a pain.
Well yeah. by TheSpoom · 2012-02-27 02:57 · Score: 4, Interesting

I stopped using and uninstalled the Facebook Android app when I saw that it was turning on my phone's GPS as soon as I opened it. Sorry, but there's no legitimate reason for the GPS to be on all the time in this app's context.

--
It's better to vote for what you want and not get it than to vote for what you don't want and get it.
- E. Debs
Re:is that allowed on mobile APIs? by colfer · 2012-02-27 03:00 · Score: 3, Interesting

Android phones in the U.S. come with apps that cannot be deleted, depending on the service. Typically: Facebook, Twitter. You can choose to decline updates, but you cannot remove the app. Look at the comments on this app: https://market.android.com/details?id=com.virginmobileusa.vmlive&hl=en Of them 90% are along the lines of this one: "This program is garbage I wish I could get this crap off my phone."
Oh well by slasho81 · 2012-02-27 03:02 · Score: 2

Just add this complaint along with any other complaint you have regarding Facebook over here. This makes ignoring Facebook issues much more efficient.
Why aren't the apps properly sand-boxed? by scorp1us · 2012-02-27 03:06 · Score: 5, Insightful

I think I should be able to go in and modify any app's permissions after the fact. The "accept permissions" button should only set those requested permissions as default, then I should have an app that can revoke them. Currently the app developer gets all the power because people don't know what the permissions tie to and how they actually get used/abused. Such an ability would make app authors think twice...

--
Slashdot's rate-of-post filter: Preventing you from posting too many great ideas at once.
NHave you seen the permissions? by Drakin020 · 2012-02-27 03:13 · Score: 2

Have you seen the permissions the Facebook App has on the HTC Rezound? (And I'm sure on other phones.) Oh BTW you cant actually remove the FB App from this phone unless you root it.
This is exactly what it says on my phone...
Permissions: This application can access the following on your phone.
- Your personal information
Read contact data, write contact data
-Services that cost you money
Send SMS Messages
-Your messages
Edit SMS or MMS, read SMS or MMS, receive SMS
-Your location
fine(GPS) location
-Network communication
full Internet access
-Your accounts
act as an account authenticator, manage the accouns list
-Storage
modify/delete SD card contents
-Phone calls
read phone state and identity
-System Tools
prevent phone from sleeping, write sync settings

--
The greatest revenge in life is massive success.
Re:is that allowed on mobile APIs? by Enderandrew · 2012-02-27 03:18 · Score: 3, Informative

Android doesn't do this. Certain carriers push out custom versions of Android where a small handful of the shovel-ware apps can't be deleted. But Facebook and Twitter can be deleted on all the major carriers (Sprint, AT&T, T-Mobile, Verizon).
However, you can always root your phone if you really want to delete these shovel-ware apps.

--
http://blindscribblings.com - Tasty pop-culture in conceptual fashion.
The real problem by A+beautiful+mind · 2012-02-27 03:25 · Score: 2

The real problem is that common applications request almost all of the permissions from the phone when the user installs them, to provide full functionality (importing contacts, etc.). The user's choice is between not installing the app and giving it those permissions.

What should be happening instead is: make the permissions user selectable, to be able to install the facebook app, but to prevent it from accessing anything I don't want. The app store / market rules should mandate that applications cope with the degradation of priviledges gracefully. The OS/app should display a popup when the user tries to do something that requires priviledges the app doesn't have, along the lines of "do you want to grant permission x to this application? [just this once] / [yes] / [no] / [don't ask again]"

--
It takes a man to suffer ignorance and smile
Be yourself no matter what they say
Re:is that allowed on mobile APIs? by wannabgeek · 2012-02-27 03:57 · Score: 2, Informative

Google's stock Android doesn't let you uninstall Facebook, Twitter, Amazon MP3 and even Google Books. I'm talking Ginger Bread on Nexus One - so it's not imposed by any carrier. It gets into some weird situations as well - since I'm in India and currently Google Books is not available for India, it won't let me install any updates, but it still shows me update notifications, and would not let me uninstall the app. It sucks, especially since app storage is really small and precious on these old phones.

--
I'm much more funny, interesting and insightful than the moderators think
Facebook denies ... by golodh · 2012-02-27 04:07 · Score: 2

When I read "Facebook denies [...]" I thought "Well, that makes it official then. Lets see what it is that they are denying."
"Never believe anything until it has been officially denied" (the right hon. J. Hacker.)
How much I may hate Facebook... by vikingpower · 2012-02-27 04:09 · Score: 2

( and I do ! ), this is simply below all levels of verifiability. "Is being accused of...", "...denies....", "...according to...( behind paywall ).... ". And then the same Sunday Times article suddenly becomes a "report". C'mon. Show us facts, bare, hard, naked facts. Not allegations. Slow news day, Slashdot ?

--
Religous speak to God. Insane are spoken to by God. When all shut up, one can finally hear Shostakovich in peace