Slashdot Mirror
Facebook Scraped Call, Text Message Data For Years From Android Phones (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: This past week, a New Zealand man was looking through the data Facebook had collected from him in an archive he had pulled down from the social networking site. While scanning the information Facebook had stored about his contacts, Dylan McKay discovered something distressing: Facebook also had about two years worth of phone call metadata from his Android phone, including names, phone numbers, and the length of each call made or received. This experience has been shared by a number of other Facebook users who spoke with Ars, as well as independently by us -- my own Facebook data archive, I found, contained call-log data for a certain Android device I used in 2015 and 2016, along with SMS and MMS message metadata. In response to an email inquiry about this data gathering by Ars, a Facebook spokesperson replied, "The most important part of apps and services that help you make connections is to make it easy to find the people you want to connect with. So, the first time you sign in on your phone to a messaging or social app, it's a widely used practice to begin by uploading your phone contacts." The spokesperson pointed out that contact uploading is optional and installation of the application explicitly requests permission to access contacts. And users can delete contact data from their profiles using a tool accessible via Web browser.
If you granted permission to read contacts during Facebook's installation on Android a few versions ago -- specifically before Android 4.1 (Jelly Bean) -- that permission also granted Facebook access to call and message logs by default. The permission structure was changed in the Android API in version 16. But Android applications could bypass this change if they were written to earlier versions of the API, so Facebook API could continue to gain access to call and SMS data by specifying an earlier Android SDK version. Google deprecated version 4.0 of the Android API in October 2017 -- the point at which the latest call metadata in Facebook user's data was found. Apple iOS has never allowed silent access to call data. You are able to have Facebook delete the data it collects from you, "but it's not clear if this deletes just contacts or if it also purges call and SMS metadata," reports Ars. Generally speaking, if you're concerned about privacy, you shouldn't share your contacts and call-log data with any mobile application.
If you granted permission to read contacts during Facebook's installation on Android a few versions ago -- specifically before Android 4.1 (Jelly Bean) -- that permission also granted Facebook access to call and message logs by default. The permission structure was changed in the Android API in version 16. But Android applications could bypass this change if they were written to earlier versions of the API, so Facebook API could continue to gain access to call and SMS data by specifying an earlier Android SDK version. Google deprecated version 4.0 of the Android API in October 2017 -- the point at which the latest call metadata in Facebook user's data was found. Apple iOS has never allowed silent access to call data. You are able to have Facebook delete the data it collects from you, "but it's not clear if this deletes just contacts or if it also purges call and SMS metadata," reports Ars. Generally speaking, if you're concerned about privacy, you shouldn't share your contacts and call-log data with any mobile application.
And it has been from the beginning. Zuckerberg called his first few thousand users "dumb fucks" for trusting him with their data, and that's how he's built the whole thing: screw people and their data.
Now it shows.
What surprises me the most is how this did not happen before.
Write boring code, not shiny code!
This is why I had to uninstall my bank's app after a new version demanded access to contact list, etc. I never install the customer loyalty apps from any of the chain stores or restaurants; they all want this stuff and it's too instantaneous to say "oh, just use targeted permissions after installation". Nope; it will suck down your contacts and sms history faster than you can switch over to lock it down.
To be fair, this is well known. If you install the Facebook App on your phone you are granting Facebook carte blanche to hoover up everything on your phone - and even listen to your calls. If people choose to ignore the "advisory" notes that go with the installation and select grant permissions to access everything anyway...then what else do they expect?
>"Facebook Scraped Call, Text Message Data For Years From Android Phones"
I still fail to understand why this is a surprise to anyone. All this crap has been in the media for years. Can't use fake name, makes links without permission, makes connections with others without asking, sells your data to other companies, sucks up your history from every site you visit, tracks you everywhere you go, watches everything you do, demands your phone number and Email address and other contact information, and demands your face biometric and will just figures it out anyway if you don't give them, tags you in photos- even if you didn't supply them, refuses to actually let you delete things for real, enables bullying, has back doors for government access (and probably without due process), suppresses your free speech, manipulates "news" and data it gives you, takes political stances, annoys you to death, wields unbelievable power, actually depresses and disconnects people from meaningful [real-world] relationships, destroys attention spans, isolates non-participants, etc, etc. Hello people, welcome to Facebook. "All your base are belong to us."
I don't have a FB account. Never have, never will. It is the ultimate in privacy invading spyware. It invades your privacy even if you have never used it. I hope it dies. My advice is disconnect and wipe what you can and and MOVE ON.
Do you have friends that use Facebook and do they have your contact info in their phone? If so, I have some bad news for you....
No, what you're stupid for is not digging down into the menus on your Apple gadget to fix the punctuation bug.
The permissions were fixed in the app store and sideloaded/preloaded apps, like facebook often was had whitelisted access by default.
Most of the major carriers not only preloaded facebook, but in some cases made it an internal app, meaning you couldn't delete it off your device unless it was jailbroken (you could disable it, but carrier updates or other changes seemed to cause it to reenable itself.)
I spent a great deal of time upon making the transition to smartphones replacing stock firmware images precisely because of these concerns. But the irony of the matter is: Unless you control the hardware and firmware, you really can't trust or control the software, which is the point we are at with all modern computing devices, save a small niche of SBCs with ultra-minimalist stage0 bootloaders. Bare hardware, at least at the consumer level, just doesn't exist anymore. And unlike systems of the past, like the 8/16/early 32 bit era, it isn't even a matter of the technical knowhow to replace the existing programmable sections, because now there are signing keys that refuse to allow it to initialize or boot if the signatures don't match up. And you 'don't need to know' the keys to make those signatures, or so the companies and government keep telling us.
I don't even have a Facebook account but plenty of my friends do and I'm sure some of them use Facebook on their phone. So how do non-users get their info removed? This is non-public information that I never agreed to share with Facebook.
The same for me. I have never used Facebook, partly because I suspected something like this would happen. It was just common sense.
I see you've been modded down because someone doesn't want to face the fact that they are gullible and got easily taken for a fool.