Facebook Scraped Call, Text Message Data For Years From Android Phones (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: This past week, a New Zealand man was looking through the data Facebook had collected from him in an archive he had pulled down from the social networking site. While scanning the information Facebook had stored about his contacts, Dylan McKay discovered something distressing: Facebook also had about two years worth of phone call metadata from his Android phone, including names, phone numbers, and the length of each call made or received. This experience has been shared by a number of other Facebook users who spoke with Ars, as well as independently by us -- my own Facebook data archive, I found, contained call-log data for a certain Android device I used in 2015 and 2016, along with SMS and MMS message metadata. In response to an email inquiry about this data gathering by Ars, a Facebook spokesperson replied, "The most important part of apps and services that help you make connections is to make it easy to find the people you want to connect with. So, the first time you sign in on your phone to a messaging or social app, it's a widely used practice to begin by uploading your phone contacts." The spokesperson pointed out that contact uploading is optional and installation of the application explicitly requests permission to access contacts. And users can delete contact data from their profiles using a tool accessible via Web browser.
If you granted permission to read contacts during Facebook's installation on Android a few versions ago -- specifically before Android 4.1 (Jelly Bean) -- that permission also granted Facebook access to call and message logs by default. The permission structure was changed in the Android API in version 16. But Android applications could bypass this change if they were written to earlier versions of the API, so Facebook API could continue to gain access to call and SMS data by specifying an earlier Android SDK version. Google deprecated version 4.0 of the Android API in October 2017 -- the point at which the latest call metadata in Facebook users' data was found. Apple iOS has never allowed silent access to call data. You are able to have Facebook delete the data it collects from you, "but it's not clear if this deletes just contacts or if it also purges call and SMS metadata," reports Ars. Generally speaking, if you're concerned about privacy, you shouldn't share your contacts and call-log data with any mobile application.
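The API-level behaviour described in the summary can be checked from an app's manifest. The following is an added example, not code from Ars Technica, Facebook or any commenter: it audits a manifest already decoded to text XML and reports call-log permissions the app holds either explicitly or implicitly because it targets an API level below 16. The function name `audit_manifest` and both sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
CALL_LOG_SPLIT_API = 16  # Android 4.1: call-log permissions split from contacts

# Contacts permission -> call-log permission Android adds for legacy targets.
IMPLICIT = {
    "android.permission.READ_CONTACTS": "android.permission.READ_CALL_LOG",
    "android.permission.WRITE_CONTACTS": "android.permission.WRITE_CALL_LOG",
}


def audit_manifest(manifest_xml):
    """Return call-log permissions an app holds, declared or implied."""
    root = ET.fromstring(manifest_xml)
    sdk = root.find("uses-sdk")
    attrs = sdk.attrib if sdk is not None else {}
    min_sdk = int(attrs.get(ANDROID + "minSdkVersion", 1))
    # An unset targetSdkVersion defaults to minSdkVersion.
    target_sdk = int(attrs.get(ANDROID + "targetSdkVersion", min_sdk))
    declared = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    declared.discard(None)
    implied = set()
    if target_sdk < CALL_LOG_SPLIT_API:
        # Legacy target: contacts access silently carries call-log access.
        implied = {IMPLICIT[p] for p in declared if p in IMPLICIT} - declared
    return {
        "package": root.get("package"),
        "target_sdk": target_sdk,
        "explicit": sorted(declared & set(IMPLICIT.values())),
        "implied": sorted(implied),
    }


# Constructed sample: targets API 15 and only asks for contacts.
LEGACY_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.legacy">
  <uses-sdk android:minSdkVersion="9" android:targetSdkVersion="15"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

# Constructed sample: same permissions, but targets API 23.
MODERN_MANIFEST = LEGACY_MANIFEST.replace(
    'targetSdkVersion="15"', 'targetSdkVersion="23"'
).replace("com.example.legacy", "com.example.modern")

if __name__ == "__main__":
    for sample in (LEGACY_MANIFEST, MODERN_MANIFEST):
        report = audit_manifest(sample)
        flag = "REVIEW" if report["implied"] or report["explicit"] else "ok"
        print(flag, report)
```

A non-empty `implied` list means the permission prompt the user saw mentioned contacts only, while the app could also read the call log.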
And it has been from the beginning. Zuckerberg called his first few thousand users "dumb fucks" for trusting him with their data, and that's how he's built the whole thing: screw people and their data.
Now it shows.
What surprises me the most is how this did not happen before.
Write boring code, not shiny code!
This is why I had to uninstall my bank's app after a new version demanded access to contact list, etc. I never install the customer loyalty apps from any of the chain stores or restaurants; they all want this stuff and it's too instantaneous to say "oh, just use targeted permissions after installation". Nope; it will suck down your contacts and sms history faster than you can switch over to lock it down.
This is why you look at the app permissions before installing an app. I was the only person I know that said, "Hmm, why does Facebook need to read my call history and contact lists?"
I'm a good cook. I'm a fantastic eater. - Steven Brust
The Facebook privacy policy says they will access your address book, but it doesn't say they will access your call data. It seems like they are going beyond what they are saying they will do. That's kind of weird, because you expect their lawyers to be on top of this kind of stuff.
Not that anyone reads the privacy policy.
It's really hard for me to feel outrage about this......something that's been a problem for years, and now they went a little farther so you are worried?
"First they came for the slanderers and i said nothing."
To be fair, this is well known. If you install the Facebook App on your phone you are granting Facebook carte blanche to hoover up everything on your phone - and even listen to your calls. If people choose to ignore the "advisory" notes that go with the installation and select grant permissions to access everything anyway...then what else do they expect?
I'm not a big fan of Facebook, although I do use it at times to keep in contact with some friends and relatives.
The story makes it sound as though Facebook was doing something underhanded and nefarious. They were ONLY doing what the API allowed them to do. Where is the anger toward Google for allowing this type of access in their API? I'm not sure how the Android version of Facebook works, but when you install the iOS version, it explicitly asks you if you want to give the app access to your contact list, you DO have the option to decline.
Do what thou wilt shall be the whole of the Law - Aleister Crowley
it's all your fault for being a fool.
It's OK though, you can close your account now and move to a more reliable and open alternative. It's been in use for about 100 years and is better in every way. It is called....
---> Ham Radio.
Just got a new antenna, by the way. 6 band cobweb 20-17-15-12-10-6 , it's working great and still have my vertical for 80/40 meters.
>"Facebook Scraped Call, Text Message Data For Years From Android Phones"
I still fail to understand why this is a surprise to anyone. All this crap has been in the media for years. Can't use fake name, makes links without permission, makes connections with others without asking, sells your data to other companies, sucks up your history from every site you visit, tracks you everywhere you go, watches everything you do, demands your phone number and Email address and other contact information, and demands your face biometric and will just figure it out anyway if you don't give them, tags you in photos- even if you didn't supply them, refuses to actually let you delete things for real, enables bullying, has back doors for government access (and probably without due process), suppresses your free speech, manipulates "news" and data it gives you, takes political stances, annoys you to death, wields unbelievable power, actually depresses and disconnects people from meaningful [real-world] relationships, destroys attention spans, isolates non-participants, etc, etc. Hello people, welcome to Facebook. "All your base are belong to us."
I don't have a FB account. Never have, never will. It is the ultimate in privacy invading spyware. It invades your privacy even if you have never used it. I hope it dies. My advice is disconnect and wipe what you can and MOVE ON.
Seriously. Google and Facebook are on the same side. Google wants themselves and others to make money from your data.
Part of Apple's lockdown policy is so that these apps can't hoover every little bit of personal data from your phone. Unlike google, Apple have far more to gain by protecting your privacy.
Can you disable the data harvesting and still install the app to use it? I doubt it. Genuinely curious. I'd try it on my phone to test it but I've got more sense than to use the Facebook app.
There are no stupid questions, just stupid people.
The permissions were fixed in the app store, and sideloaded/preloaded apps, like Facebook often was, had whitelisted access by default.
Most of the major carriers not only preloaded facebook, but in some cases made it an internal app, meaning you couldn't delete it off your device unless it was jailbroken (you could disable it, but carrier updates or other changes seemed to cause it to reenable itself.)
I spent a great deal of time upon making the transition to smartphones replacing stock firmware images precisely because of these concerns. But the irony of the matter is: Unless you control the hardware and firmware, you really can't trust or control the software, which is the point we are at with all modern computing devices, save a small niche of SBCs with ultra-minimalist stage0 bootloaders. Bare hardware, at least at the consumer level, just doesn't exist anymore. And unlike systems of the past, like the 8/16/early 32 bit era, it isn't even a matter of the technical knowhow to replace the existing programmable sections, because now there are signing keys that refuse to allow it to initialize or boot if the signatures don't match up. And you 'don't need to know' the keys to make those signatures, or so the companies and government keep telling us.
I don't even have a Facebook account but plenty of my friends do and I'm sure some of them use Facebook on their phone. So how do non-users get their info removed? This is non-public information that I never agreed to share with Facebook.
If you are not sure what is deleted, just wait 2 months. Then GDPR will come into force and FB will have to DELETE everything upon request. Or cease functioning (the fines are gargantuan).
This is of course if you live in the civilised world where the regulations have force. If you live outside EU – tough luck, consider moving.
:wq
Maybe you should read and think about what applications are asking for what permissions before you go and just click allow. Let's ignore the fact that no one should actually be using unencrypted SMS and unencrypted voice applications.
I find ANDROID'S behavior to be weird and creepy, and that is why I have always avoided them. And the whole thing just seems completely useless and pointless.
Fixed that for you because really this is an Android problem, not Facebook, because Android is the one that allows developers to request all this and store it. Apple didn't have this problem. How many other apps are still stealing android user data?
my karma will be here long after I'm gone
This must be pretty good from the anti-terrorism point of view if you're trying to work out who is a member of a terror network.
Why UNIX?
Damn it, I've never had a Facebork account, so I missed out on getting all my data harvested by shady companies.
Is there any way that I could send it to them in bulk so I can catch up?
Just cruising through this digital world at 33 1/3 rpm...
I use an iOS device, have ever since the first iPhone, but it always surprised me how Facebook knew my suggested friends so well. Some people I haven't spoken to in years would suddenly show up, sometimes obscure work connections. They must have had android phones and figured out who I was from their metadata. I wonder how many of my calls to android devices they have and can piece together a pretty good portion of the meta data they would have garnered from me if I had switched to Android.
Do you really need Facebook notifications? If you just want to read FB, go to m.facebook.com on your favorite browser. No snooping app required for it to work, and they don't block messaging and try to get you to install Messenger if you use Opera on Android.
The same for me. I have never used Facebook, partly because I suspected something like this would happen. It was just common sense.
I see you've been modded down because someone doesn't want to face the fact that they are gullible and got easily taken for a fool.
I never use Facebook on my mobile, and only use the web client the few times I have to use Facebook for some organizations I am part of. I also make it a point to never share any personal information ever. And it really, really stresses the Facebook algorithms the f*** out. Every time I log in I get what by now seems more like desperate pleas for information. And browsing my front page is like watching the calm open sea compared to the in your face explosions of 'personalized' content I see others getting.
Google has been ahead of Apple on this except for control over specific permissions.
Wrong, they have always been way, way behind, as I will illustrate.
When installing an app on Android, it showed you a list of which permissions the app wanted
How is something that everyone will agree to and you cannot individually control "ahead"? On Apple prior to iOS6 you ALSO knew exactly what an app could or could not access.
If you didn't like how much stuff the app wanted access to, you could choose to cancel the app's install before it ever began. Apple didn't add this capability until 2012.
WRONG. That is true of contacts but even from the start Apple has specific controls around some access, in particular location data. iOS 6 just expanded those permissions to Calendars, Reminders, Contacts, and Photos - a welcome addition as that was just when apps were starting to abuse contact access.
But even before then Apple was still way ahead because they ACTUALLY VETTED APPS. There was far less a chance an app was doing something shady, because Apple was reviewing apps and monitoring network traffic...
But even past THAT point, Apple was way ahead because apps never had phone/SMS access AT ALL until recently, so they could not be monitoring every call or text, period.
Neither will let you deny an app permission to access the Internet (using up your cellular data quota).
WRONG AGAIN. For *any* app on iOS you can specify if it may use cellular data. I forget when that was introduced but I think it was a long time ago.
Another issue has been apps which the carrier installs on your device (I assume they're paid to do it) which you can't uninstall.
Which we should all remember, Apple has never allowed carriers to do...
Also, note that none of these restrictions apply to the OS themselves. e.g. Apple has harvested iOS users' location data in the past
Well you certainly are on a roll because that is ALSO WRONG. You had to agree to share analytic data with Apple for it to collect any data whatsoever, much less location data.
(they buried the request for permission in the EULA for an iOS update)
Instead of being wrong I'm going to label this bullshit as it's a question that is asked after an iOS update, on a screen with only that question. Hardly "buried".
lets you deny it permission if you want.
Well you seem to be implying Apple does not let you opt out. WRONG. You can always opt out of sharing data with Apple.
The fundamental issue I have with your post is that it paints a picture of Android being in any way acceptable for a non-technical person to use from a security standpoint. It is not now, nor has it EVER been safe to let a non-technical person use an Android device, full stop. If you are pushing your friends and family who are not technically astute to use Android, you are putting them in grave risk - because they WILL do things like install Facebook and have every call/text monitored, and probably they have far more shady apps collecting the same data....
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Don't be so sure about that. Facebook is pulling from all sorts of data sets to figure out networks, including your GPS data, like if you're at a party with people.
If you have the FB app installed, you're part of the problem.
Fixed that for you because really this was an Android problem
Fixed that for you, Android hasn't had this problem for quite a while now and ultimately users were always warned what was accessible to the apps and could choose not to use them.
The takeaway is that we are all victims of Android, but some pay significantly more (for an Apple iGadget) and don't even get the Android phone to use.
I barely ever check Facebook notifications, however I recently adopted Opera Mini on my mobile phone. This app is preset to show Facebook notifications. That’s how I discovered that a person whom I only contacted by phone and SMS (no mention of them on any file of my computers or tablets) was suggested to me as friend. I always carefully avoid giving access to my address book, and anyway this person is only on my phone (used for tethering).
Hey, How about having a beer with real live friends and having a real conversation?
Apple only started shitting in people's website comments with 'smartquotes' in a fairly recent update. Why did they roll out needless shit that breaks functionality??
Who am I kidding? They're Apple, it's in their heritage.
Zuckboy was planning on running as a Democrat for President in the next election. This whole 'crisis' might be a smear to prevent that. Or part of the campaign to make it happen. The one thing for certain is that Zucker is not a Trump supporter.
You mean Apple did not have this problem, as far as you know? Fixed that for you. Apple does or did have this problem, and many others, you just are not aware of it. Also, it is most certainly NOT an Android problem, it is a GOOGLE problem. Android is an operating system, and as an inanimate object, cannot harbor intent, either good or ill. It is the PEOPLE BEHIND it that do. Google dropped their laughable motto about not being evil behind a long time ago. They are at least moderately evil now, like every other for-profit thing there is MUST be.
The Free/Libre Open Source Software movement and its proponents, boosters, users, and contributors are the most honest and trustworthy group you can find, among people who create software because unlike any for-profit entity, their intent is to create software for themselves to use and share with others, following the stone-soup paradigm of creation and development. By contrast, companies that publish software for money have to be viewed with at least mild suspicion. Their motives are to make money, rather than to make software they themselves want to use, and so it would be prudent to wonder what OTHER thing they are doing to make money, i.e., selling your data which they harvest. COULD someone in the FL/OSS movement do this too? Of course, but since the source-code is available to examine, they'd more than likely quickly get caught, exposed, and the time and effort they put into their software would end up having been squandered. Just saying. The only way to harvest your user base data, metadata, etc., and have any hope of doing it for any length of time and not get caught by convincing people to put software on their own devices that spies for you, is to ensure they cannot see the source. Even if you yourself are not knowledgeable enough for a code-audit or review, other people out there are. That doesn't mean that one should trust FL/OSS implicitly, but of software made on the closed-source versus open-source model, I find the open-source the one generally more worthy of trust. Usually. Come to think of it, maybe I SHOULD learn to code and start reviewing all the source code to my entire GNU/Linux install... hehehe, sure. I have time for that.
Our reign has gone on long enough. Indeed. Summon the meteors.
Good point, now where is my OSS phone?
Dennis Onstenk
So they're giving lawful bribes to the semi-official propaganda organs, presumably for a little extra "fake" in the fake news coverage of their disreputable business practices.
This is why only mindless tools still trust the semi-official media.
Very creative!
Facebook's PR firms seem to have hired rather higher quality shills than the usual Chinese/Russian/Soros fifty cent armies we've come to expect on Slashdot.
So how do you delete this data without deleting your account? What is the link to the "tool accessible via Web browser?"
As soon as you finish creating and open-sourcing it.
Bingo Dictionary - Pragmatist, n. A myopic idealist.
It's not a flaw; you are asked, on installing the app, for permission for it to read contact and message data. Most people just click yes because most people are quite thick about these things really... I cannot believe that people are only just realising this stuff...
I predict that the next outrage will be when everyone realises that the FB and messenger apps also slurp WhatsApp messages from that app... (Possibly under the pretext of permission to read SMS Messages....). Remember that WhatsApp messages are only encrypted 'end-to-end' - if you are at one 'end' then you can read them in plaintext.
Can you delete Facebook though? My Verizon Android came with the Facebook app pre-installed, I agreed to nothing. I couldn't uninstall it but I could mark it not to run (supposedly) so that is what I did. Never had a Facebook account, never will.
But my daughter uses Facebook, my mother as well, so if I talked or texted them then Facebook has some of my information that I did not agree to them having.
If we require that the big credit bureaus make available a copy of our credit reports on a yearly basis for free, and we have the right to challenge any data on those reports such that they have to confirm or remove it, shouldn't we have the same rights with Google or Facebook? Shouldn't we be able to demand at least once a year for a full accounting of all information they have on us? And in the case of FB which I never agreed to share data with shouldn't I have the right to demand it be removed?