Slashdot Mirror
Why Does Facebook Need To Read My Text Messages?
DavidGilbert99 writes "Facebook updates its Android app quite a lot, but the latest version asks for some rather odd permissions. Rolling out in the UK this week, some users have noticed that it now wants permission to read your text messages. While most suspected Facebook wanted to access the data to try and serve you more targeted ads, Facebook says it is only so it can facilitate two-factor authentication...apparently."
Why Does Facebook Need To Read My Text Messages?
Because shut up, that's why. If you ever want to hear from your "friends" again, you'll do exactly what we say without question. I'm certain you know that either you or your friends are too stupid or lazy to start and follow privately-hosted blogs, so sit down, shut up, and continue giving us data to mine. Idiot.
Android needs to add two levels of permissions for much of this stuff. You basically have to ask for everything or nothing. I wanted to check network state in my current app, which requires asking for permission to change the user's networks. I don't want to change their networks. I just want to see if the network is up.
ALL - and I mean ALL - of these social networking sites and apps exist for one thing and on thing only - to extract your information.
They have the data and know that they can manipulate your buying habits. You will not agree with this. I know you wont. But you are manipulable.
We all are.
It's NOT 'You will eat at Joes!'
It's more like, 'Hmmm, I want to go out and eat, How about Joes?'
That's all it takes.
And with Big Data, they got us.
Uninstalled the app, started using FB via browser. For my low intensity usage it's still perfect. Also links to click and youtube embeds work seamlessly now.
Got no messenger installed too.
This is the dumbest line of reasoning for new corporate abuses. "Think about what those 0.1% of private citizens might do if they had similar access!"
Rather than, "Your ours now, since you've ever used our service." I'm not entirely sure the facebook bloatware that comes on cell phones won't provide this data back for even non-users like me. You just can't prove it, since the walled-garden prevents you from installing your own security measures.
The big corporations feel entitled to our private lives, and we can't stop them.
Root
install xposed framework
install AppOpsXposed
remove permission to almost everything
i checked mine and noted that the new permission had been added but never used
stephen
I have tintoil installed and I don't even own any electronics.
Put both your SMS and your Instant messaging in the same app (just pushing facebook chat over hangout chat).
Bottles.
... and many other apps. No idea why they really need those permissions just so users don't need to copy over a verification number. This is ridiculous... i wonder if they did research what more users would accept.. having their app require the permission to read *all* SMS .. or just requiring the user to occasionally type a one time password from the SMS app into the twitter/facebook/whatever app.
this is really something android has to solve.. something like optional permissions for the lazy users who really want to have that single features which requires all your personal data.. it's not just as a user, but it's also annoying as a developer - i could obviously also just make the user download 3 different apps for each functionality, and have fine grained permissions this way, but this can't be the best solution..
Find me at http://herbert.poul.at
No need to question it further. A completely benign reason with no ulterior motive. Just allow it and be happy. Facebook wouldn't do anything against your wishes...
Ascalante: Your bride is over 3,000 years old.
Kull: She told me she was 19!
.
facebook even collects the posts you start typing but decide not to send.
What Facebook wants to do is send a text message with a special code to your phone. Letting the app read your text messages allows the app to read the code automatically so you don't have to copy and paste from the messages app.
But what else is the app reading in my text messages?
I couldn't be happier now that I've completely purged Facebook and its hidden (SNS, not a typo) services from my ROM and phone, and frozen/deleted all of the other assets in other apps that try to "phone home" to Facebook. Side benefit is that after removing Facebook from my phone, I gained seven solid HOURS of battery life back. I didn't realize how often the SNS service and Facebook itself were sending and receiving data, phoning home, etc.
The combination of Android Permission Manager, DroidWall and LBE Security Master have made things much easier to block, delete, drop packets, deny and forbid services from trying to use unnecessary permissions.
I guarantee that no app is doing what it shouldn't, and those that should have permissions (Camera => Take Photos Permission) are prompted every time they attempt to do so, never allowed by default. If I'm not using the Camera for example, and I get a popup that it tried to take a photo, I permanently deny it and remove/uninstall the app. I don't tolerate any of that out-of-band behavior on my phone.
You should investigate the same. Yes, we all know about the L4 kernel, but this at least will help remove the abuse from the application level.
You don't need to use the Facebook app on your phone, you can use the mobile version of the website, or if you're using Android (as is the case with the OP's gripe), you can use Tinfoil for Facebook.
Remember to uninstall Facebook as an app and from ROM including the SNS service (not a typo), to completely rid your handset of that mess.
If you don't want to do that, use Orbot and the mobile site over Tor using the Orweb Privacy Browser.
1) Go to "Account Settings"
2) Press "Deactivate you account"
3) Get an effin' life.
That's the sound goatse makes when he farts
Sig Follows: "Suppose you were an idiot. And suppose you were a member of Congress. But I repeat myself." -- Mark Twain
We can't?
Facebook didn't get any kind of information from me. Take a wild guess how I accomplished this feat.
Hint: They can't exist without us. We can exist just fine without them.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
user: Facebook, why do you want to read my text messages?
Facebook:Fuck you, thats why.
user: okay.jpg.
All joking aside though, seriously, stop using facebook. You're the product, not the consumer, so none of your opinions or concerns sincerely matter.
Good people go to bed earlier.
The real security for blackberry apps is in that they made it such a PITA to develop for Blackberry that nobody bothers.
I am more interested in why Google Play Services transmits my fine location, wifi-scan, cell scan, and GPS data 24/7.... Although FB has perms for lots of stuff, the logs on my phone report that is SMS has never been accessed. If you are rooted install AppOpsXposed and see for yourself.
I recently installed Cyanogenmod on my old phone (HTC G2/Desire) so my wife, who's taken possession of it, could use some 4.x-only apps. I couldn't believe how beautifully it runs on a three-year-old phone (I mean, it's SLOW, but everything WORKS), and the lack of bloatware and pre-installed apps (read: Facebook) makes me super jealous. I'd put Cyanogenmod on my current phone (Samsung Galaxy Relay), but last I checked, there weren't any stable builds for it with an Android version greater than what I've got now (4.1).
And if bloatware on your phone is eating your private messages and sending them off to a company you never signed up for an account with, would you know?
Privacy Guard: Control what your applications can learn about you and your contacts. Protect yourself with a simple click, or long press an app to delve deep.
Blackberry actually had this right. Apps requested permission when you installed them, you could either allow, deny, or ask it to prompt you first. It would be really awesome if Android had that feature too.
x86, oh yes, I'm pro.
So that Google can provide geolocation for devices without GPS by fingerprinting the signal strength patterns and access point names you see. They also use it for road traffic reports - where do you think Google Maps gets its traffic data from?
Help I am stuck in a signature factory!
Simple. They want to be able to get a status from SMS text and the only way to get that is to get permission to the SMS Messages. There is no finer permission level in Android to just give them what they need without access to the rest.
I just block that access since I don't want to use their messaging anyway. Blocked with Root, Xposed Framework, XPrivacy to control which permissions I want to allow them to have.
I saw that odd permission request today, fuck me if I ever update this crapware again
This is a perfect example of why is should be possible to give an app temporary permission to do something, or to selectively deny permissions. This type of authentication is something that only needs to be done once over the lifetime of the device. If I was using it, I would just copy/paste the code -- and someone who is less paranoid could allow the facebook app to read their text messages at setup time, and then deny that permission from that point on. Instead what we end up with is that after you've gone through that authentication step, Facebook will be able to read your text messages forever more.
But I assume that most people are just going to shrug and install the app anyway. I know that way back when, facebook would bug me to give them my email password so that they could go look up all my contacts. It's hard to believe that people actually fall for crap like that -- but apparently they do.
How can we continue to believe in a just universe and freedom to eat crackers if we have no ale?
We can't?
Facebook didn't get any kind of information from me. Take a wild guess how I accomplished this feat.
Hint: They can't exist without us. We can exist just fine without them.
So you've never texted anybody who uses facebook?
You can close your mouth now.
I don’t know why this is so hard for people to understand. Facebook’s primary source of revenue is ads. Just like Google. They increases the probability that you’ll click on one by examining every last bit of your data that goes through their system. That’s the whole thing in a nutshell.
It amazes me that people are surprised by this.
Don’t put anything on the internet that you don’t want Facebook, Google, the NSA, and every one else looking at. If you store something encrypted on the internet, there’s a chance someone will hack it and get your data anyway. NOTHING IS PRIVATE ON THE INTERNET. Yes, I have a Facebook account, which I use rarely to connect with friends and family. I don’t talk about anything sensitive, and I don’t publish any information that isn’t the sort of thing I would be embarrassed to appear on my LinkedIn profile, which is something I WANT people to see.
The key here isn’t to to complain about Facebook’s policies. That isn’t going to change because 99% of people just accept them anyway. The key is to avoid those services if you object to them. There are many other things in life that make you become publically visible, not limited by any means fo Facebook. Perhaps you want to avoid those too. Good. If ultimately the majority of people decide they don’t like being probed like this, perhaps Facebook will chance. But probably not because they’ll still have a billion users.
Some really stupid picture of you getting drunk from 5 years ago is still on the Internet somewhere, and employers WILL find it. I think this is awesome. In this economic environment, I’m very glad to have more ways that people remove themselves from competition with me when I’m looking for a job. Some people just don’t do really stupid things, while others are forward-looking enough to keep them from getting published. Either way, those are the sorts of people I want to hire in preference to jackasses who think it’s funny to show everyone how stupid they are.
I did not really think to much about privacy until this update.
Now I am slowly deleting and detoxing from facebook
while I did not give a hoot before, now I can only wonder why I did not do this sooner.
if you see me, smile and say hello.
So that Google can provide geolocation for devices without GPS by fingerprinting the signal strength patterns and access point names you see. They also use it for road traffic reports - where do you think Google Maps gets its traffic data from?
Exactly. When I activated a new Nexus tablet it explained in plain language about the Google Location Reporting (how they get data for the wifi geolocation you mention) and ask whether or not one wishes to activate it or not.
You can disable it in Settings --> Location --> Google Location Reporting. Turning GLR off does not interfere with other location-related things (for example, you can turn off GLR but still use the geolocation functions in Google Maps or other apps).
Why do you have that kind of phone instead of a simple phonic device? Yes, they exist, i have one.
What is this "Walled Garden" on Android of which you speak?
The one that won't let you uninstall any app that was shipped with the phone.
Yes, you can install other apps and sideload apps (in most cases at least). "Walled Garden" generally refers to the being restricted to one app store, but I'd agree that it loosely applies here as well.
You may be able to root the device and/or install cyanogen or some other OS. In most cases, that does not override the fact that there is a walled garden... it just means the walls are not perfect.
For an example, how do you remove "Story Album" from a Samsung Galaxy S4 without rooting the device?
If some app is already installed, and you can't remove it, you have no way to control what it has access to without more drastic steps (rooting). This is the intent of the distributor.
Because I don't want a phone. I want a PDA.
I also want to phone people every once in a blue moon and have always-on access to various IM clients. I don't want to carry two devices.
Now you don't want this and it is great that you can get a device that meets your needs. I can get a device that meets my needs but alas now they all come with shit installed.
Wow, I should not post when knackered.
When I was deciding on a tablet, I was waffling on what to get but the issue of privacy ended up being the thing that decided me.
With Android, you have no choice but to accept the permissions that an app insists on. Either that, or don't use the app. Combine that with Google stating outright that they plan on *reducing* privacy protections, I wasn't happy.
Then I researched the privacy protections in iOS. You have the ability to selectively deny or allow what an application is allowed to see, and can change your choice later on if you change your mind. Say what you will about Apple, but at least they're making a decent effort in this regard.
PacMan ROMS have Privacy Guard that allows you to disable those "permissions" you give for apps upon install. The app will think it's doing what it wants. But you're in control.
Rooting and flashing a new ROM is the best thing you can do for your privacy.
We should learn what we need to know about issues, before we decide what we need to feel about them.
Not sure iOS is any less broken - they don't ask you about some things, they just share them anyway. As soon as I got an iPhone and installed the LinkedIn app, linked in started asking me if I wanted to connect to people/organizations that I haven't had anything to do with in years - but they happened to be in my contact list on the phone. Hmmmm.....
Also, you can do what I did, which was just create a shortcut to the mobile facebook website and place it on your homescreen. You get a nice looking icon that says "Facebook" under it, as if it were an actual app.
Yeah, the app was "better," but at least I don't have to worry about what it's leaching from my phone (and consequently, hurting battery life/usng data)
The Internet King? I wonder if he could provide faster nudity.
If one cannot remove a silly true photo of oneself from the tubes, then the same is true for the fakes. How many employers ever tried to verify the photos, they have seen on the tubes? The point is - somebody may have posted a photo with you having fun with a camel, a photo which was a fake. Your prospective employers may not even bother to verify. The fun part is - they may not even bother to tell you whether they rejected you because they got excited out of this photo , because they did not or just because they did not like the camel's smile. The memory of the tubes is another subject than the ones discussed on this thread and one that that you failed to analyse properly. But hey that is ok - now you can go and have fun with the camel anyway - this does not make any difference anymore...
Yes, I have never texted anyone who uses facebook. I can say that with some sort of credibility due to never texting. I'm one of those odd people who prefer to, ya know, make PHONE calls with a PHONE.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
My nexus S was getting slow and I needed another phone. For some time I was seeing google changing open applications for closed ones. I already knew that the permissions on android were broken. I never installed LinkedIn because of the calendar permission... No reason for that! And then I see this Facebook update and an older one asking to authorize the keyboard to access the internet... Why?? I talked with some Friends with iPhones and I got convinced that iOS protects me better. I bought a second hand iPhone 5.
Math is beautiful... e^(pi*i)+1=0
There is snoopwall and others that stanch the flow of bad stuff. But honestly, Facebook ought to heavily fined for their boorish invasion of privacy. The data hogs need to be taught a lesson of the value of ecosystems, which is that if your customers revolt, your business model is dead.
---- Teach Peace. It's Cheaper Than War.
So that you can type your friend's name into the Maps search bar and get directions to their house.
With Firefox. Using Ghostery. It's about the safest way I can find to use and be used by Facebook on my Android-based Nexus 4.
Success without humility is an indulgence in arrogance
These kind of "strange" permissions are quite common. Lately, my online banking Android app asked permission to access the camera. Now why would a banking app require access to the camera? Apparently because they have added the possibility to scan checks.
Ok, all very nice. But now you have access to the camera. How can I see that you are not using it all the time? Just ask for access when you are going to use it, not when you install an app that may want to use it.
IMHO this is a flaw in Android app permissions.