Slashdot Mirror

← Back to Stories (view on slashdot.org)

Facebook's Android App Can Now Retrieve Data About What Apps You Use

Posted by samzenpus on from the show-me-the-app dept.

An anonymous reader writes "Facebook on Friday released its Android launcher called Home. The company also updated its Facebook app, adding in new permissions to allow it to collect data about the apps you are running. Facebook has set up Home to interface with the main Facebook app on Android to do all the work. In fact, the main Facebook app features all the required permissions letting the Home app meekly state: 'THIS APPLICATION REQUIRES NO SPECIAL PERMISSIONS TO RUN.' As such, it’s the Facebook app that’s doing all the information collecting. It’s unclear, however, if it will do so even if Facebook Home is not installed. Facebook may simply be declaring all the permissions the Home launcher requires, meaning the app only starts collecting data if Home asks it to."

11 of 176 comments (clear)

  1. Big Android Problem by Richy_T · · Score: 5, Insightful

    It was a mistake to allow apps to declare which access rights they want and then present users with a take-it-or-leave-it choice. While this part in itself is not a bad thing, it should be possible for users to fine-tune the settings once an app is installed and the apps then cope with that. I know there are apps out there that let you do this or similar but it should have been built in from the start. This is the activeX of the 2010s

    1. Re:Big Android Problem by __aaltlg1547 · · Score: 5, Informative

      you can use "Permissions Free" for example to modify an app's permissions. But some apps won't run if you take away any of their permissions. What's really needed is sandboxing.

    2. Re:Big Android Problem by Anonymous Coward · · Score: 5, Informative

      As an app developer I would also like "negotiable" permissions.

      I think a long list of permissions can be off-putting to users, and many permissions are needed only when the user actually tries to e.g. send an SMS from the app or take a picture. It would be better at that point to ask the user if they trust the app, much like the Android VpnService has to when it starts.

      The other error is that some permissions are far too broad. For example, lots of apps require "Read phone state and identity" which gives the ability to learn not only the phone number, but also whether you are in a call and the number of the other party. Similarly there's a permission to read the phone book. A number of these apps simply want a unique ID for licencing purposes (the IMEI can be used where available, and the phone book gives the google account) but end up with a whole lot more and look a bit suspect.

      The ID thing is discussed at http://android-developers.blogspot.co.uk/2011/03/identifying-app-installations.html, but the conclusion is poor, suggesting use of ANDROID_ID, but then still needing to jump through hoops for legacy devices. With about 40% of devices at API level 10 (http://developer.android.com/about/dashboards/index.html) this still gives developers a headache.

    3. Re:Big Android Problem by admdrew · · Score: 5, Informative

      Cyanogen definitely allowed this at one point (when looking at an installed app's settings, you could touch any of the permissions which would strike them out); it was hit or miss, with some apps crashing constantly when you disabled any of their permissions. I'm running 10.1 right now, and unfortunately this feature doesn't seem to exist anymore.

      --
      LegendMUD
    4. Re:Big Android Problem by paulkoan · · Score: 5, Informative

      The Pdroid http://www.xda-developers.com/android/pdroid-the-better-privacy-protection/ patches are a "better" approach. They allow apps to keep the permissions they are designed to use, but feeds them fake data when they use them.

      This protects privacy without crashing apps. However, it requires either a custom firmware with it already baked in, or running the patches against official firmware+root. This places it out of the comfort zone of many.

      --
      This signature intentionally left blank
  2. Why are you still surprised by this? by moderators_are_w*nke · · Score: 5, Insightful

    You buy a device to store your personal data on from a company that collects personal data for a living, and then run an app on it from another company that profits from collecting you data and then are confused when they collect your personal data?

    Reposting as me

    --
    "XML is like violence. If it doesn't solve your problem, use more." - Anonymous Coward
  3. I doubt most people will flinch but... by Anonymous Coward · · Score: 5, Interesting

    I was actually curious to try Home, but when I saw the new permissions requested by the Facebook base app, I just said 'enough is enough' and deleted it.

    I think I'm definitely in the minority, but stuff like this increases that bifurcation of their userbase. I keep a toe in just because I know people that use Facebook as a primary communications tool, but I already log in only in a separate browser from everything else I do just to quarantine it.

  4. Bye bye Facebook by rueger · · Score: 5, Informative

    I looked over the new permissions being demanded by Facebook for the latest Android app update, and stopped dead at the point when they told me that the app could now "call phone numbers without your intervention." Say WHAT??

    I expect Google to have pretty intimate integration into an Android phone. I signed on knowing that. From everything I read Facebook is now looking to pretty much take control of the phone OS, not by developing their own, but by hijacking large swaths of control from Android or the user.

    Ultimately though one thing is making me stay away from this update, Facebook Home, and probably Facebook entirely on my phone: the Facebook app has been hands down the worst thing I've installed, and gets more useless with a very upgrade.

    --
    Three Squirrels
  5. Use Tinfoil Instead by Anonymous Coward · · Score: 5, Informative

    USE TINFOIL FOR FACEBOOK!!!

    Seriously guys. It works pretty well, and it isn't as annoying as the Facebook app.

    https://play.google.com/store/apps/details?id=com.danvelazco.fbwrapper&hl=en

  6. When you assume... by 93+Escort+Wagon · · Score: 5, Insightful

    If an app states it needs permission to do X and Y, it would be rather naive to not assume it will do X and Y.

    I'm a little surprised Android hasn't copied iOS's behavior, where it asks the user whether or not to grant permissions to a specific thing (e.g Contacts or Location) at the time the app tries to do so - it just makes sense, and it's not like both OSes haven't copied from each other before. But I suspect Google doesn't really want to remind you of what information each of its apps is accessing, or when.

    --
    #DeleteChrome
  7. Pause while in call by tepples · · Score: 5, Informative

    For example, lots of apps require "Read phone state and identity" which gives the ability to learn not only the phone number, but also whether you are in a call and the number of the other party.

    There's a very good reason for media players and games to require this. Knowing whether the user is in a call allows the program to pause itself until the call completes.