Slashdot Mirror
Facebook's Android App Can Now Retrieve Data About What Apps You Use
An anonymous reader writes "Facebook on Friday released its Android launcher called Home. The company also updated its Facebook app, adding in new permissions to allow it to collect data about the apps you are running. Facebook has set up Home to interface with the main Facebook app on Android to do all the work. In fact, the main Facebook app features all the required permissions letting the Home app meekly state: 'THIS APPLICATION REQUIRES NO SPECIAL PERMISSIONS TO RUN.'
As such, it’s the Facebook app that’s doing all the information collecting. It’s unclear, however, if it will do so even if Facebook Home is not installed. Facebook may simply be declaring all the permissions the Home launcher requires, meaning the app only starts collecting data if Home asks it to."
It was a mistake to allow apps to declare which access rights they want and then present users with a take-it-or-leave-it choice. While this part in itself is not a bad thing, it should be possible for users to fine-tune the settings once an app is installed and the apps then cope with that. I know there are apps out there that let you do this or similar but it should have been built in from the start. This is the activeX of the 2010s
You buy a device to store your personal data on from a company that collects personal data for a living, and then run an app on it from another company that profits from collecting you data and then are confused when they collect your personal data?
Reposting as me
"XML is like violence. If it doesn't solve your problem, use more." - Anonymous Coward
You buy a device to store your personal data on from a company that collects personal data for a living
I don't think this is limited to the Nexus range of Android devices.
I was actually curious to try Home, but when I saw the new permissions requested by the Facebook base app, I just said 'enough is enough' and deleted it.
I think I'm definitely in the minority, but stuff like this increases that bifurcation of their userbase. I keep a toe in just because I know people that use Facebook as a primary communications tool, but I already log in only in a separate browser from everything else I do just to quarantine it.
I looked over the new permissions being demanded by Facebook for the latest Android app update, and stopped dead at the point when they told me that the app could now "call phone numbers without your intervention." Say WHAT??
I expect Google to have pretty intimate integration into an Android phone. I signed on knowing that. From everything I read Facebook is now looking to pretty much take control of the phone OS, not by developing their own, but by hijacking large swaths of control from Android or the user.
Ultimately though one thing is making me stay away from this update, Facebook Home, and probably Facebook entirely on my phone: the Facebook app has been hands down the worst thing I've installed, and gets more useless with a very upgrade.
Three Squirrels
USE TINFOIL FOR FACEBOOK!!!
Seriously guys. It works pretty well, and it isn't as annoying as the Facebook app.
https://play.google.com/store/apps/details?id=com.danvelazco.fbwrapper&hl=en
Facebook's android app drains battery, is full of bugs and has a wierd non-standard interface. I didn't think they could make it any worse, but here we go - well done Facebook, you really raised the bar on suck there.
If an app states it needs permission to do X and Y, it would be rather naive to not assume it will do X and Y.
I'm a little surprised Android hasn't copied iOS's behavior, where it asks the user whether or not to grant permissions to a specific thing (e.g Contacts or Location) at the time the app tries to do so - it just makes sense, and it's not like both OSes haven't copied from each other before. But I suspect Google doesn't really want to remind you of what information each of its apps is accessing, or when.
#DeleteChrome
"Yeah, we know you didn't really vote this Hitler fellow to be your Fuhrer, but it's okay; the Kaiser gave it to him in an attempt to shut him up. Move along; nothing to see here."
"Tongue tied and twisted, just an Earth bound misfit
Want proof that Google, Verizon, etc. are in on the privacy nightmares of Android?
They keep releasing new versions that prevent people (who own their phones) from rooting them to
1) block ads ( from their Google Play store)
2) prevent you from using apps to control permissions (like LBE Privacy Guard that now reboots your phone in an endless loop)
With all the time and effort put into their OS, why have they not allowed users to control permissions on apps in any way, shape, or form? Why? Because they are marketing companies that also sell your data to other companies (including all the top mobile carriers). They make deals with these companies and propagate the problem - turning smart phones into a privacy nightmare. And it's not like the iPhone is any better.
Until people take a stand (and stop being a bunch of apathetic consumers), it's not going to change. People allow themselves to be taken advantage of. It's sad. Most don't even care. They'll happily give Facebook and Google all their information because "they don't have anything to hide" - which we all know is the lamest excuse for apathy possible and is easily dismissed as moronic. And it just keeps getting worse - and now our governments collect this data too.
And what is the effect? People are not getting jobs or losing their jobs due to their Facebook posts. Insurance companies are increasing rates on people who type certain terms into their search engines. And that's just barely getting started!
Wake up, folks!
If you have root you can turn off those permissions. If the app doesn't run without snooping permissions (as Groupon and Google Offers do not), well, it's their choice not to get my business.
Keep in mind that you do not have to use Facebook's app; there are several third party Facebook apps for Android.
I installed the FB app when I first received my Galaxy Nexus, and the battery life dropped from 3 days to 1, so I axed it, and added a desktop shortcut to their mobile site, which seems to work well enough for me.
For example, lots of apps require "Read phone state and identity" which gives the ability to learn not only the phone number, but also whether you are in a call and the number of the other party.
There's a very good reason for media players and games to require this. Knowing whether the user is in a call allows the program to pause itself until the call completes.
I don't laugh at all those future phones sold with this garbage, and with it installed and set up in such a way that you are forbidden from uninstalling it...
I already have problems caused by "stock" programs on my phone that cannot be uninstalled without root access, and I cannot trust going through the process of attempting to gaining root, something that could possibly leave me without a phone. Once this garbage makes its way "stock" onto commercial Android phones in the same way, there will be an even greater need to try to gain root access. I am not looking forward to the day when I have to start doing extra research just to find out if a particular cell phone comes with this Facebook garbage, only to find that they all fucking do and the only possibly way out of it is to risk rooting it.
It's already a bitch doing research for a new phone, given all the variations in (incompatible) Android versions. It's a royal pain in the ass trying to find a phone that doesn't suck in general, and doesn't force the use of a cell service provider that tries its best to fuck you up the ass. The last we need is to add fucking Facebook to the mix. Fuck them.
If you have a Facebook account you have already decided to publish every detail of your life anyway.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
Luckily I live in Belgium
For people who want what you have, how's their immigration policy?
where clicking 'I agree' is not a form of contract
If accepting a contract offer under Belgian law cannot be done by activating a control in a graphical user interface, then how can anybody sign up for a service or buy a product over the Internet?
Android is total spyware anyway - the electronic equivalent of standing on a street corner bent over with your shorts down to your ankles. Enjoy.
Now this layer on top - Facebook; The venereal disease of the internet.
-1 Troll me if the truth hurts, Fandroids.
"But I don't trust that people won't lie in these rationales." That's what Dalvik disassembly and free software licensing are for, so that people who get paid to review applications can verify that the application's source code actually does what the rationale says and doesn't peek at actual phone calls.
Interesting. I don't have a single one of this 'must haves' installed.
While this part in itself is not a bad thing, it should be possible for users to fine-tune the settings once an app is installed
Be realistic! Who is going to do this? Approximately no-one.
What really is better is that as apps request protected resources, then you are asked if you want to allow such access - that way you the user have the context for the access, to understand exactly why you would want to allow that ability.
There are a lot of iPhone apps for example, where I am happy to give location when I see what it is used for - and almost no apps that I care to give permission to see contacts, but I can run any new app knowing it will ask if it tries to get them. It also means that you can buy something and run it much later without having to remember just exactly what it was you agreed to let it access!
It is insane to me to ask non-technical users to understand up-front permissions at all.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Today there's an Apple fanboi sponsored article that screams that 99% of all malware is from Android. If you parse that you'll discover that most of it is PRECISELY this sort of thing which users will download and start hammering away like a crackpipe even when you tell them what it does to their personal info. Which btw iPhone apps do too. But we don't want to talk about that......
People are stupid and we need to start beating them half to death with their phones.
Uninstalled.
I'll admit that Android has a "phone state" permission that's far too coarse-grained. But I see that as a minor flaw compared to the big flaw in iOS: Apple deliberately left out some parts of HTML5 as well as native APIs needed for applications to perform wireless network troubleshooting. Several categories of applications are completely excluded.
I don't see how having access to your apps list matters much when the FB app already has access to:
Your personal info (read and write contact data) Your location (fine)
Network communication
Your accounts
Storage (modify/delete usb contents)
Hardware controls
Phone calls (state and identity)
System tools
-- QED
As the example I'm most familiar with, let me consider the Opera Mobile web browser. Since the browser supports GetUserMedia it has to say it accesses the camera, though in reality it will ask you if the website should be allowed to access your camera if the site asks to do so (if you visit some video chat site). Likewise since they support location-aware websites, the permissions say it uses both GPS and network location data - but again, if you visit a website that wants your location (so they can tell you where their nearest physical store is, for example) the browser will ask if the website should have access to your location. The Play Store doesn't have any way of indicating that the app will ask before actually accessing this data.
And for those apps which don't offer a choice, the OS should. All browsers support 3 general settings for cookies - accept, deny (block), and ask. You should be able to say "No, I don't want this app knowing my location today" if you so choose - and still be able to allow it tomorrow. Or still run an app while denying it access to your contacts - ever. It should be part of Android (the browser shouldn't have to ask per se) or whatever OS, so that the developer doesn't have to think about it ... well, okay, an email or chat app always needs access to your contacts, so maybe they should have a "requires" and "can use" in the permissions.
So it's basically spyware then. Or does that term not apply when it's a company as big as facebook doing it?
Are there any open source facebook clients? Pidgin uses XMPP for facebook chat but it doesn't support "multi chat" and more importantly it does not let me read messages that I missed when I was offline.
j2me implementations had a bunch of permissions that on most phones were available ONLY as on demand given permissions, with some having no option(without trickery, carrier signing etc) to allow always even. or even allow for session.
so they might be wary of that. but it could be done better. in the j2me world on many phones you had a filesystem and api's for handling that. but that wasn't much fun when getting a file listing or creating a file took 3 repeats of a two button press dialog!
world was created 5 seconds before this post as it is.
I'm shocked a social networking company that makes its money by selling as much data as it can possibly mine out of its userbase has created an uber app that runs on your mobile device and gives them unfettered access to all your information.
Really? People are shocked by this? I would have been much more shocked if a report came out showing how Facebook Home actually protected your privacy.
Honestly I never had any interest in running this on any mobile device I own. Firstly I care about my privacy and secondly I could give two shits what the highest score my aunt has achieved in Candy Crush today. I always wondered what would happen if Farmville and Bejeweled had a baby... it's truly a Lovecraftian horror or tentacles, eyes and mouths..
Yes Francis, the world has gone crazy.
Android is total spyware anyway - the electronic equivalent of standing on a street corner bent over with your shorts down to your ankles. Enjoy.
I have to say I didn't enjoy my Android phone half as much as your other suggestion.
I am not sure what all the Android crash report gathers, but the Facebook Android app is getting buggier and buggier with each release, with people screaming bloody murder in the reviews. It is possible that Facebook is gathering this data to see what might be causing people problems. Still, I don't like the idea of an app developer, even facebook, knowing what I am running. Not that I have anything to hide, but still....
Forget FB, I tried it for a year 4 years ago, then deleted my account.
I deleted my account around the same time. All it ever did for me is show my friends progress in Farm Ville.
I was also told my account wasn't deleted and I could reactivate it by logging in again. In other words it
didn't do a damn thing.
WebGL in particular is not supported by Chrome or the old Android Browser (except for one specific phone).
Three things: First, one Android phone is greater than zero iPhones. Second, Android lets you install Firefox, which does support WebGL according to this chart. Third, WebGL is in Chrome for Android beta, which means it's coming soon to Chrome for Android.
Would you target WebGL and then do the old 90's "Best viewed in FireFox for Android?"
"Best viewed in" is bad practice. Quoting the box at the lower left of the page linked at the end of your previous comment: "Always use feature detection." If the WebGL feature is not detected, the application would display "This web application requires a web browser that supports WebGL." The words "a web browser that supports WebGL" would link to a list of web browsers that support WebGL either in a release version or in a beta version. The list would have sections for all platforms, with the platform matching the user agent at the top. For example, the Android section would list Firefox for Android and Chrome Beta for Android. For iOS it would say "Apple has chosen not to make WebGL available for your device. Please try this application using a desktop or laptop computer."
If such an error message is not acceptable, what API do you recommend using instead of WebGL? Should a web application that presents a 3D view have an alternate 3D engine that runs on top of 2D Canvas and just accepts the stitching bug as collateral damage? Or is the concept of "a web application that presents a 3D view" itself unacceptable for some reason?
Just do what I do... use a phone built in the early 2000's. When mine breaks, I can find a replacement for less than $30 without all the new crap installed on it.
Will they even make dumb phones / feature phones 5 years from now? 10? They will effectively become unobtanium, like a quality CRT display, a quadraphonic sound system, or a box of floppy discs.
More Twoson than Cupertino
In addition to the "Retrieve running apps" and "Reorder running apps" permissions, the new version of the facebook app also requests the "Draw over other apps" (aka the "popup" permission). I'm sticking with the old version, which is intrusive enough, thank you very much.
Did you mount a military-grade, variable-focus MASER on an unlicensed artificial intelligence?
I declined the "upgrade" and will remove it from my phone when it ceases working. Facebook needs people more than people need Facebook.
I thought you could already do that without requiring READ_PHONE_STATE? When your app loses focus (for whatever reason, a call, user switches to another app, etc..) then onPause() gets called.
Perhaps I was wrong about the games aspect, but the user of a music player application wants its service to keep playing in the background even while its activity is "stopped" (not visible at all). If you pause music playback when the user switches away, you're right back to the single-tasking in iOS pre-4. Perhaps audio focus is the right way to manage that.
Forget FB, I tried it for a year 4 years ago, then deleted my account.
I deleted my account around the same time. All it ever did for me is show my friends progress in Farm Ville. I was also told my account wasn't deleted and I could reactivate it by logging in again. In other words it didn't do a damn thing.
At the time I'd heard about 'deleted accounts' that weren't truly deleted, so I followed the exact steps to delete my account as detailed by a reputable site. It required doing some extra steps that I never would have known how to do. It is doable, you might need to google for that info now, and once you know how to truly delete your account, re-log in and perform those steps. Here's a quick Wiki-How link...
http://m.wikihow.com/Permanently-Delete-a-Facebook-Account
Flash is different. Flash was effectively controlled by one vendor (Adobe). WebGL, on the other hand, was an open standard from day one. In fact, iOS 4.2 and later support WebGL, but only for iAds. This makes the omission of WebGL from Safari appear all the more deliberate.