Slashdot Mirror
Facebook Scraped Call, Text Message Data For Years From Android Phones (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: This past week, a New Zealand man was looking through the data Facebook had collected from him in an archive he had pulled down from the social networking site. While scanning the information Facebook had stored about his contacts, Dylan McKay discovered something distressing: Facebook also had about two years worth of phone call metadata from his Android phone, including names, phone numbers, and the length of each call made or received. This experience has been shared by a number of other Facebook users who spoke with Ars, as well as independently by us -- my own Facebook data archive, I found, contained call-log data for a certain Android device I used in 2015 and 2016, along with SMS and MMS message metadata. In response to an email inquiry about this data gathering by Ars, a Facebook spokesperson replied, "The most important part of apps and services that help you make connections is to make it easy to find the people you want to connect with. So, the first time you sign in on your phone to a messaging or social app, it's a widely used practice to begin by uploading your phone contacts." The spokesperson pointed out that contact uploading is optional and installation of the application explicitly requests permission to access contacts. And users can delete contact data from their profiles using a tool accessible via Web browser.
If you granted permission to read contacts during Facebook's installation on Android a few versions ago -- specifically before Android 4.1 (Jelly Bean) -- that permission also granted Facebook access to call and message logs by default. The permission structure was changed in the Android API in version 16. But Android applications could bypass this change if they were written to earlier versions of the API, so Facebook API could continue to gain access to call and SMS data by specifying an earlier Android SDK version. Google deprecated version 4.0 of the Android API in October 2017 -- the point at which the latest call metadata in Facebook user's data was found. Apple iOS has never allowed silent access to call data. You are able to have Facebook delete the data it collects from you, "but it's not clear if this deletes just contacts or if it also purges call and SMS metadata," reports Ars. Generally speaking, if you're concerned about privacy, you shouldn't share your contacts and call-log data with any mobile application.
If you granted permission to read contacts during Facebook's installation on Android a few versions ago -- specifically before Android 4.1 (Jelly Bean) -- that permission also granted Facebook access to call and message logs by default. The permission structure was changed in the Android API in version 16. But Android applications could bypass this change if they were written to earlier versions of the API, so Facebook API could continue to gain access to call and SMS data by specifying an earlier Android SDK version. Google deprecated version 4.0 of the Android API in October 2017 -- the point at which the latest call metadata in Facebook user's data was found. Apple iOS has never allowed silent access to call data. You are able to have Facebook delete the data it collects from you, "but it's not clear if this deletes just contacts or if it also purges call and SMS metadata," reports Ars. Generally speaking, if you're concerned about privacy, you shouldn't share your contacts and call-log data with any mobile application.
I've avoided facebook because I thought it was obvious this is exactly what they would be doing... sheesh... why are people so surprised this is exactly their business model they need this data about your social networks...
DO delete facebook
DO value your privacy
And it has been from the beginning. Zuckerberg called his first few thousand users "dumb fucks" for trusting him with their data, and that's how he's built the whole thing: screw people and their data.
Now it shows.
What surprises me the most is how this did not happen before.
Write boring code, not shiny code!
This is why I had to uninstall my bank's app after a new version demanded access to contact list, etc. I never install the customer loyalty apps from any of the chain stores or restaurants; they all want this stuff and it's too instantaneous to say "oh, just use targeted permissions after installation". Nope; it will suck down your contacts and sms history faster than you can switch over to lock it down.
This is why you look at the app permissions before installing and app. I was the only person I know that said, "Hmm, why does Facebook need to read my call history and contact lists?"
I'm a good cook. I'm a fantastic eater. - Steven Brust
if you're concerned about privacy, you're not on Facebook.
Well, that narrows things down substantially!
I made a hefty bit off of it but I dumped it this past week, the ship is sinking and it's sinking _fast_.
The Facebook privacy policy says they will access your address book, but it doesn't say they will access your call data. It seems like they are going beyond what they are saying they will do. That's kind of weird, because you expect their lawyers to be on top of this kind of stuff.
Not that anyone reads the privacy policy.
It's really hard for me to feel outrage about this......something that's been a problem for years, and now they went a little farther so you are worried?
"First they came for the slanderers and i said nothing."
Just now waiting for the bright-eye police officer to request a warrant to see everyone who has ever called / contacted a phone number of interest.
On one side, those will be the ones that we know about, it's the other side that will be keeping me up at night.
To be fair, this is well known. If you install the Facebook App on your phone you are granting Facebook carte blanche to hoover up everything on your phone - and even listen to your calls. If people choose to ignore the "advisory" notes that go with the installation and select grant permissions to access everything anyway...then what else do they expect?
Facebook is actually paying for ads in major newspapers in two countries trying to do damage control-- no doubt following advice of industry consultants.
Obviously, Facebook does not need to reach a few users in newspapers! Big industry learned long ago that you can buy some sway with papers with full page advertising campaigns. This is more about softening the attacks from the few places where actual investigative reporting still happens... and where serious policy makers still go for at least average news coverage.
To make the Zuck a non-billionaire. Gentlemen, start your lawyers.
I'm not a big fan of Facebook, although I do use it at times to keep in contact with some friends and relatives.
The story makes it sound as though Facebook was doing something underhanded and nefarious. They were ONLY doing what the API allowed them to do. Where is the anger toward Google for allowing this type of access in their API? I'm not sure how the Android version of Facebook works, but when you install the iOS version, it explicitly asks you if you want to give the app access to your contact list, you DO have the option to decline.
Do what thou wilt shall be the whole of the Law - Aleister Crowley
I don't have facebook on my phone, but I suspect that Verizon is converting call audio to text and then selling the text to facebook or others - things I talk about or gps related items soon appear in my Facebook advertisements - there isn't a common email between Verizon and Facebook for me, so they might be connecting the dots by ip address
it's all your fault for being a fool.
It's OK though, you can close your account now and move to a more reliable and open alternative. It's been in use for about 100 years and is better in every way. It is called....
---> Ham Radio.
Just got a new antenna, by the way. 6 band cobweb 20-17-15-12-10-6 , it's working great and still have my vertical for 80/40 meters.
You are able to have Facebook delete the data it collects from you
That I'm pretty sure means they unlink the data from your fake config page so that you can't see it listed anymore.
>"Facebook Scraped Call, Text Message Data For Years From Android Phones"
I still fail to understand why this is a surprise to anyone. All this crap has been in the media for years. Can't use fake name, makes links without permission, makes connections with others without asking, sells your data to other companies, sucks up your history from every site you visit, tracks you everywhere you go, watches everything you do, demands your phone number and Email address and other contact information, and demands your face biometric and will just figures it out anyway if you don't give them, tags you in photos- even if you didn't supply them, refuses to actually let you delete things for real, enables bullying, has back doors for government access (and probably without due process), suppresses your free speech, manipulates "news" and data it gives you, takes political stances, annoys you to death, wields unbelievable power, actually depresses and disconnects people from meaningful [real-world] relationships, destroys attention spans, isolates non-participants, etc, etc. Hello people, welcome to Facebook. "All your base are belong to us."
I don't have a FB account. Never have, never will. It is the ultimate in privacy invading spyware. It invades your privacy even if you have never used it. I hope it dies. My advice is disconnect and wipe what you can and and MOVE ON.
Seriously. Google and Facebook are on the same side. Google wants themselves and others to make money from your data.
Part of Appleâ(TM)s lockdown policy is so that these apps canâ(TM)t hoover every little bit of personal data from your phone. Unlike google, Apple have far more to gain by protecting your privacy.
I hope FB craters, hard! Iâ(TM)m so stupid for ever creating an account. Iâ(TM)ve closed it months ago, but still. Learn from my mistake; donâ(TM)t create a social media account. And if you did, close it.
Thereâ(TM)s a great reckoning happening on the Internet. Just go back to the 90â(TM)s before all this crap happened. Go out IRL, and hang with people. For internet based interest and communication, go back to community based BBS, even meet them IRL if you want. Oh, how I miss the old days of 2600 meet-ups...
...gave away MY NUMBER which was in their contactlist, without me allowing it, and I wasnt even asked. How is this optional for me?
Can you disable the data harvesting and still install the app to use it? I doubt it. Genuinely curious. I'd try it on my phone to test it but I've got more sense than to use the Facebook app.
There are no stupid questions, just stupid people.
I've noticed there are some FB apps preinstalled on my Android phone but I have never signed in to FB on my phone.
No, what you're stupid for is not digging down into the menus on your Apple gadget to fix the punctuation bug.
The permissions were fixed in the app store and sideloaded/preloaded apps, like facebook often was had whitelisted access by default.
Most of the major carriers not only preloaded facebook, but in some cases made it an internal app, meaning you couldn't delete it off your device unless it was jailbroken (you could disable it, but carrier updates or other changes seemed to cause it to reenable itself.)
I spent a great deal of time upon making the transition to smartphones replacing stock firmware images precisely because of these concerns. But the irony of the matter is: Unless you control the hardware and firmware, you really can't trust or control the software, which is the point we are at with all modern computing devices, save a small niche of SBCs with ultra-minimalist stage0 bootloaders. Bare hardware, at least at the consumer level, just doesn't exist anymore. And unlike systems of the past, like the 8/16/early 32 bit era, it isn't even a matter of the technical knowhow to replace the existing programmable sections, because now there are signing keys that refuse to allow it to initialize or boot if the signatures don't match up. And you 'don't need to know' the keys to make those signatures, or so the companies and government keep telling us.
I don't even have a Facebook account but plenty of my friends do and I'm sure some of them use Facebook on their phone. So how do non-users get their info removed? This is non-public information that I never agreed to share with Facebook.
If you are not sure what is deleted, just wait 2 months. Then GPDR will come into force and FB will have to DELETE everything upon request. Or cease functioning (the fines are gargantuan).
This is of course if you live in civilised world where the regulation have force. If you live outside EU – tough luck, consider moving.
:wq
lol yeah, because slashdot is an exemplary example of a coded website. Damn Apple for infecting the web ââ(TM)â(TM)â(TM)â(TM)
Maybe you should read and think about what applications are asking for what permissions before you go and just click allow. Lets ignore the fact that no one should actually be using unencrypted SMS and unencrypted voice applications.
This must be pretty good from the anti-terrorism point of view if you're trying to work out who is a member of a terror network.
Why UNIX?
Damn it, I've never had a Facebork account, so I missed out on getting all my data harvested by shady companies.
Is there any way that I could send it to them in bulk so I can catch up?
Just cruising through this digital world at 33 1/3 rpm...
If so, they have and will accelerate the use of FB data when it's use is to a client's advantage. Such data may possibly be more useful to them in a financial way than to the government's three letter agencies because there's probably much more useful data that's easy to pinpoint to specific individuals. It seems the three letter agencies spend a lot of money getting data on everyone and searching it whether it's useful or not.
Sucks if you were stupid enough to install the Facebook app. Or be a Facebook user.
Do you really need Facebook notifications? If you just want to read FB, go to m.facebook.com on your favorite browser. No snooping app required for it to work, and they don't block messaging and try to get you to install Messenger if you use Opera on Android.
I never use Facebook on my mobile, and only use the web client the few times I have to use Facebook for some organizations I am part of. I also make it a point to never share any personal information ever. And it really, really stresses the Facebook algorithms the f*** out. Every time I log in I get what by now seems more like desperate pleas for information. And browsing my front page is like watching the calm open sea compared to the in your face explosions of 'personalized' content I see others getting.
Google has been ahead of Apple on this except for control over specific permissions.>
Wrong, they have always been way, way behind, as I will illustrate.
When installing an app on Android, it showed you a list of which permissions the app wanted
How is something that everyone will agree to and you cannot individually control "ahead"? On Apple prior to iOS6 you ALSO knew exactly what an app could or could not access.
If you didn't like how much stuff the app wanted access to, you could choose to cancel the app's install before it ever began. Apple didn't add this capability until 2012.
WRONG. That is true of contacts but even from the start Apple has specific controls around some access, in particular location data. iOS 6 just expanded those permissions to Calendars, Reminders, Contacts, and Photos - a welcome addition as that was just when apps were starting to abuse contact access.
But even before then Apple was still way ahead because they ACTUALLY VETTED APPS. There was far less a chance an app was doing something shady, because Apple was reviewing apps and monitoring network traffic...
But even past THAT point, Apple was way ahead because apps never had phone/SMS access AT ALL until recently, so they could not be monitoring every call or text, period.
Neither will let you deny an app permission to access the Internet (using up your cellular data quota).
WRONG AGAIN. For *any* app on iOS you can specify if it may use cellular data. I forget when that was introduced but I think it was a long time ago.
Another issue has been apps which the carrier installs on your device (I assume they're paid to do it) which you can't uninstall.
Which we should all remember, Apple has never allowed carriers to do...
Also, note that none of these restrictions apply to the OS themselves. e.g. Apple has harvested iOS users' location data in the past>
Well you certainly are on a roll because that is ALSO WRONG. You had to agree to share analytic data with Apple for it to collect any data whatsoever, much less location data.
(they buried the request for permission in the EULA for an iOS update)
Instead of being wrong I'm going to label this bullshit as it's a question that is asked after an iOS update, on a screen with only that question. Hardly "buried".
lets you deny it permission if you want.
Well you seem to be implying Apple does not let you opt out. WRONG. You can always opt out of sharing data with Apple.
The fundamental issue I have with your post is that it paints a picture of Android being in any way acceptable for a non-technical person to use from a security standpoint. It is not now, nor has it EVER been safe to let a non-technical person use an Android device, full stop. If you are pushing your friends and family who are not technically astute to use Android, you are putting them in grave risk - because they WILL do things like install Facebook and have every call/text monitored, and probably they have far more shady apps collecting the same data....
"There is more worth loving than we have strength to love." - Brian Jay Stanley
"You are able to have Facebook delete the data it collects from you" ..... does anyone believe that at all ?
Facebook will simply push it into a shadow profile of you, YOU won't be able to see it, access or delete it, that information is THEIRS, permanently.
Where they jail you if you make jokes they find unsavory? I’ll just stick to the us and not have we Facebook.
I barely ever check Facebook notifications, however I recently adopted Opera Mini on my mobile phone. This app is preset to show Facebook notifications. That’s how I discovered that a person whom I only contacted by phone and SMS (no mention of them on any file of my computers or tablets) was suggested to me as friend. I always carefully avoid to give access to my address book, and anyway this person is only on my phone (used for tethering).
Hey, How about having a beer with real live frriends and having a real conversation?
Apple only started shitting in people's website comments with 'smartquotes' in a fairly recent update. Why did they roll out needless shit that breaks functionality??
Who am I kidding? They're Apple, it's in their heritage.
Apple is the momma bear who will always protect you. The problem is, that means you're just a bear cub and always will be. Now eat your grubs and berries like a good little cub.
I hear EU is not particularly friendly to immigrants.
So they're giving lawful bribes to the semi-official propaganda organs, presumably for a little extra "fake" in the fake news coverage of their disreputable business practices.
This is why only mindless tools still trust the semi-official media.
So how do you delete this data without deleting your account? What is the link to the "tool accessible via Web browser?"
I predict that the next outrage will be when everyone realises that the FB and messenger apps also slurp WhatsApp messages from that app... (Possibly under the pretext of permission to read SMS Messages....). Remember that WhatsApp messages are only encrypted 'end-to-end' - if you are at one 'end' then you can read them in plaintext.
I once texted someone about Ford F-150. The next time I went to Facebook, I was inundated by ads trying to sell me a new F-150. I was like WTF!
Why would greedy sociopathic brogrammers be mean to people? /sarcasm
So, what do you think. Has The Zuck has displaced Larry Ellison as the most hated personality in tech?
Mossad uses Facebook data to turn, create, assassinate informants.
Jew Zionist conspiracy revealed to be true!