Slashdot Mirror

← Back to Stories (view on slashdot.org)

Facebook Acknowledges It Has Been Keeping Records of Android Users' Calls, Texts (slate.com)

Posted by BeauHD on from the finger-pointing dept.

Last week, a user found that Facebook had a record of the date, time, duration, and recipient of calls he had made from the past few years. A couple days later, Ars Technica published an account of several others -- all Android users -- who found similar records. Now, Slate Magazine is reporting that Facebook has acknowledged that it was collecting and storing these logs, "attributing it to an opt-in feature for those using Messenger or Facebook Lite on an Android device." The company did however deny that it was collecting call or text history without a user's permission. From the report: "This helps you find and stay connected with the people you care about, and provides you with a better experience across Facebook," the company said in a post Sunday. "People have to expressly agree to use this feature. We introduced this feature for Android users a couple of years ago. Contact importers are fairly common among social apps and services as a way to more easily find the people you want to connect with."

Ars Technica refuted their claim that everyone knowingly opted in. Instead, Ars Technica's Sean Gallagher claimed, that opt-in was the default setting and users were not separately alerted to it. Nor did Facebook ever say publicly that it was collecting that information. "Facebook says that the company keeps the data secure and does not sell it to third parties," Gallagher wrote. "But the post doesn't address why it would be necessary to retain not just the numbers of contacts from phone calls and SMS messages, but the date, time, and length of those calls for years."

63 of 97 comments (clear)

  1. Of course it has by registrations_suck · · Score: 4, Insightful

    These companies every piece of information about you that they can. That's their business model. How can anyone be surprised at things like this?

    1. Re:Of course it has by TWX · · Score: 5, Interesting

      People that work in technology routinely skip the EULA, and those are the people that know better.

      If those people don't read the fine-print, do you expect any average nontechnical person to read through the fine-print when they're just trying to install an app on their phone to make it easier to use than the web version?

      This kind of crap is why I didn't sign-up for Facebook to start with. They might not be breaking the letter of the law, but to my view they appear to be fundamentally dishonest.

      --
      Do not look into laser with remaining eye.
    2. Re:Of course it has by nehumanuscrede · · Score: 4, Interesting

      People all over the spectrum skip the EULA because they're usually:

      1) Written in legalese
      2) 967 pages long
      3) In size 8 font
      4) Changes almost monthly

      AND

      Exactly three sentences worth of information that are of any importance are buried so damn deep in the typical EULA, that it's akin to finding a needle in a haystack.

      IMO, if they want it to be binding, they need to remove the important stuff from the jungle of bullshit they intentionally hide it in and let people know exactly what it is they're getting themselves into. The average person should not require a Law Degree just to read and fully understand a damn EULA.

    3. Re:Of course it has by war4peace · · Score: 5, Informative

      I've seen quite a few short, informative, clear EULAs, but they're exclusive to indie groups/solo developers.
      Any EULA coming from a behemoth company is unreadable.

      --
      ...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
    4. Re:Of course it has by thegarbz · · Score: 1

      This is all generally right, but in this specific case their EULA talking about uploading of the information was literally 41 words long forcing you to click "Turn On" or "Not Now" (45 words if you include reading the text on the buttons)

      You people make waaay too many excuses for users.

    5. Re:Of course it has by RazorSharp · · Score: 2

      4) Changes almost monthly

      This is probably the most important point. By agreeing to one EULA, you agree to any arbitrary changes that can be made at any time. That shouldn't be legal, but as a country we've been reluctant to regulate what can and cannot be included in a contract. As you point out, one shouldn't need a law degree to understand the contractual agreement for a basic piece of software.

      I think that there should be legislation that limits what can be in an EULA, as well as preventing any sort of language that refers to the software purchase as a lease in the EULA when not expressly stated at the time of purchase. The App Store (or wherever the software is bought) ought to say "lease for $xx" if you don't actually own the software. If it says "buy for $xx" or just the price, it's implicit that the purchaser will own it outright, not that they will lease it. It's sad because there's so much good that could be achieved through legislation, yet those who have the power to enact it only use it for nefarious means.

      --
      "From the depths of my skeptical and rationalist soul, I ask the Lord to protect me from California touchie-feeliedom."
    6. Re:Of course it has by war4peace · · Score: 1

      I was talking about EULAs in general, I admit I don't know what the EULA was in this particular case.

      --
      ...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
  2. Check yo'self FB users.. by Arzaboa · · Score: 1

    When a company, like Facebook, is in an argument with its users, that the users DID know something, in other words, that the users were wrong, its gotten bad. When a company that seems to basically own their users, as they catalog their users every thought and action, concessions about them being respectful and honest about privacy are important. Not only does it look like Facebook own their users, they are telling them to check themselves.

    --
    "Without Galileo, we wouldn't have gone to the moon" - NASA Scientist

    1. Re:Check yo'self FB users.. by fafalone · · Score: 1

      It may have changed but when I set it up on my phone last year I specifically remember being asked, and said no. Checked again now and it's still off in both FB and Messenger. Maybe the issue is that monitoring isn't a clear consequence of continuous contact synching. That users didn't read a pop-up and just clicked ok isn't exactly far fetched though.

    2. Re:Check yo'self FB users.. by the_B0fh · · Score: 1

      That's because it's a recent change. In the past, FB app asks for all the rights it can get, and on Androids, it's a yes or no to running the app. If you said yes, you just gave it all the permissions it asked for.

  3. I haven't had a Facebook app on my device in years by pecosdave · · Score: 3, Insightful

    and this is partially why, along with raping my battery.

    Can't tell me wanting to collect this data isn't part of why they try to strong-arm you into using their apps by intentionally cutting down on what they'll allow you to do with a mobile browser.

    --
    The preceding post was not a Slashvertisement.
  4. Users should have by AHuxley · · Score: 1

    never trusted social media.
    If they had to, PRISM should have been the point to stop and remove all accounts.
    Now years later again the reality of what social media as an ad company and a gov helper can do is understood.
    Find a better way to be online that does not have your data kept by a big band for years.
    Keep your data safe from US party politics and big brand censorship.

    Just say no to social media.

    --
    Domestic spying is now "Benign Information Gathering"
  5. Actually An Opt-Out by crunchygranola · · Score: 5, Insightful

    A "default opt-in" is known as an "opt-out" to everyone but shills (or marketing, more or less the same thing).

    --
    Second class citizen of the New Gilded Age
    1. Re:Actually An Opt-Out by thegarbz · · Score: 1

      It's an opt nothing. You have to click Turn On or Turn Off in the 3rd window presented to you order to actually start Facebook the first time.
      Opt In or Opt Out implies there's some hidden default that I need to go in and change.

      Calling what Facebook is doing Opt-Out really waters down what should be actual anger towards actual nefarious opt-out cases.

    2. Re:Actually An Opt-Out by Spamalope · · Score: 1

      Has anyone tested to verify if FB has continued their older practice of hoovering up all the data at install time prior to the user being able to make any choices? I had honeypot contacts with email accounts in my iphone 4. They received 'join FB' emails after installing the FB app and disabling all the data collection before first use. I've assumed FB is just taking everything no matter what they say since then.

  6. Re:I haven't had a Facebook app on my device in ye by jrumney · · Score: 4, Insightful

    I had it for about 6 months in 2011, before tracking battery drain to it. I think it has probably improved since then, but I got used to checking facebook via the web page on my own terms, rather than getting spammed with notifications all day. Then I noticed them trying to push me back to the app, first by taking Messaging away from the mobile web interface, and more recently by popping up messages about my friends posting time-limited stories that you need the app to view. When they started that tactic, I took it as a sign that the app was doing something nefarious, so it just made me more determined to avoid it.

  7. Comment removed by account_deleted · · Score: 1

    Comment removed based on user account deletion

  8. It boggles the mind... by Anonymous Coward · · Score: 1

    that people, knowing just how bad this and similar companies are, continue to use the products. You are the product when you use Facebook, et al. Unless you are paying for a service, you are the product. I have never has a social media account and never will. I saw the writing on the wall even before they became the behemoths they are today. As a long time IT security practitioner, I'm staggered that when year after year of these "revelations", no one begs off. No one is suddenly awakened. I happily pay for my own services and roll my own for more security-related needs. Anyone with a modicum of common sense will avoid these privacy-killing services.
    Now, having said all this, I'll likely be flamed for whatever reasons, but that's OK. I've seen and heard enough to know I'm in the right. I never understood why people knowingly flock to services that are going to fleece them with regards to privacy.

    1. Re:It boggles the mind... by Spamalope · · Score: 1

      Network effect. All of the people I need to communicate with are using FB, many exclusively.

      That doesn't mean I need to give FB so much info though, nor that I can't keep feeding it disinformation. That's the neat thing about a compulsive data hoover - you can keep feeding wrong info into it.

    2. Re:It boggles the mind... by webnut77 · · Score: 1

      that people, knowing just how bad this and similar companies are, continue to use the products

      This reminds me of the song The Snake. Note the last verse:

      "I saved you", cried the woman
      "and you've bit me even , why?"
      You know your bite is posionous and now I'm gonna die"
      "Oh shut up, silly woman", said the reptile with a grin,
      "You knew damned well I was a snake before you took me in".

  9. Re:I haven't had a Facebook app on my device in ye by b0s0z0ku · · Score: 2

    F'book Messaging works fine in Opera for Android, or if you change your UserAgent string to pretend to be Opera.

  10. Baked in No unintsall by wolfheart111 · · Score: 1

    Got a new phone... cant uninstall FB bloat... WTF. Rooting a phone should not validate the warranty...

    --
    [($)]
    1. Re:Baked in No unintsall by Anonymous Coward · · Score: 1

      This is why I only buy phones and use carriers that allow full unlocking right out of the box ("full" as in carrier unlock and bootloader unlock). I also make sure LineageOS runs on it.

      Motorola phones and T-Mobile carrier are particularly good about this so that's usually what I go with.

    2. Re: Baked in No unintsall by Bing+Tsher+E · · Score: 1

      Rooting your iPhone doesn't void it's warranty?

    3. Re:Baked in No unintsall by pnutjam · · Score: 1

      you can remove apps using adb, no root required.

      --
      Cheap storage VM.
    4. Re: Baked in No unintsall by TheFakeTimCook · · Score: 1

      Really? I'm pretty sure you're stuck with APL services, which means they track the fuck out of you.

      If you actually believe them that they say they don't? "No reasonable person would believe [us]". =P

      Prove it.

    5. Re: Baked in No unintsall by TheFakeTimCook · · Score: 1

      Rooting your iPhone doesn't void it's warranty?

      What's Rooting got to do with it?

      And in fact, in iOS 11, Apple has removed the automatic integration of FaceBook and Twitter.

      https://www.axios.com/apple-re...

      And the FaceBook App is just another App, and can be Removed like any App D/Led from the iOS App Store. No "Jailbreaking" or "Rooting" Required.

      Also, from what I can tell, even with the "Integration" of FaceBook and Twitter Sign-Ons in iOS 10, looking on my iPhone running iOS 10, the FaceBook and Twitter Apps don't appear to be installed, unless I go to the App Store and download/install them.

      Poor, trapped, Android users...

       

    6. Re: Baked in No unintsall by Bing+Tsher+E · · Score: 1

      Nobody is trapped. Unless you use a burned-in Facebook app, it is just a chunk of inert binary. If you never log onto Facebook with it, it's nothing. And the amount of space it's taking up is irrelevant. I have a 128mb SD card in my phone. No space problem at all. It's a $120 Virgin Mobile phone, by the way. You can't get 128gb in any Apple gadget for less than four times that much.

    7. Re: Baked in No unintsall by TheFakeTimCook · · Score: 1

      Nobody is trapped. Unless you use a burned-in Facebook app, it is just a chunk of inert binary. If you never log onto Facebook with it, it's nothing. And the amount of space it's taking up is irrelevant. I have a 128mb SD card in my phone. No space problem at all. It's a $120 Virgin Mobile phone, by the way. You can't get 128gb in any Apple gadget for less than four times that much.

      But from other Posters' comments, I take it that some pretty large Android players, like Samsung, DO include a "Burned-In" FB App. Or mightaswell be "Burned-In", because it is undelete-able.

    8. Re:Baked in No unintsall by unixisc · · Score: 1

      Given that there are so many Android phones out there, how hard was it to check in advance that the phone didn't include unwanted apps, like Facebook? I have had a number of Android phones over time - a Mot X, an HTC, and on the tablet front, 3 Verizon Ellipsis tablets. None of them ever had Facebook, and the one that did, HTC, I had no problems deleting the app

  11. Re:Thats the Seed by wolfheart111 · · Score: 1

    To their demise.... Its shouldn't take long.

    --
    [($)]
  12. Idiots may opt in. by EzInKy · · Score: 2

    But Facebook doesn't just track the idiots, it tracks everybody those idiots interract with whether they are a Facebook user or not. That is exactly what the government needs to crack down on and crack down hard.

    --
    Time is what keeps everything from happening all at once.
    1. Re:Idiots may opt in. by tgeek · · Score: 2

      But Facebook doesn't just track the idiots, it tracks everybody those idiots interract with whether they are a Facebook user or not. That is exactly what the government needs to crack down on and crack down hard.

      So true. Actual incident that happened about a year ago: I was sitting at home on a Sunday afternoon. I get a call on my work cellphone -- I keep a separate personal cellphone and never mix the two: never work stuff on the personal and vice versa. The call is from somebody at work from a completely different department who I never have dealt with before. Ordinary phone call - we talk a few minutes and I resolve an issue he was having. The strange thing is, the very next day that same person popped up as a friend suggestion on my personal cellphone with FB app installed.

      It was disturbing to me how FB made that connection to me from just a phone call. Looking back now, I can speculate that he added me as a contact on his phone before/during dialing and his FB app harvested that. From there I guess it was simple (I have an unusual surname) to link that phone call to an otherwise unrelated FB account.

      Now you may be thinking "Yeah, well that's what you get for having a FB account" - but I would counter that whatever I do on the personal side is fair game, but I never gave any consent to allow FB to bridge my personal and professional business.

    2. Re:Idiots may opt in. by thegarbz · · Score: 1

      I'm surprised you weren't recommended that friend based on location alone. I was working at a plant in Germany for 2 weeks and one of the guys I was with who we never shared any contact details with had me as a suggested friend on his Facebook when he was using it at lunch. Based only on the fact that we were both in the same area a lot.

    3. Re:Idiots may opt in. by Lab+Rat+Jason · · Score: 1

      You've made a bit of a logic error. Facebook themselves already had (and still has) data on over 2 billion users. The 50 million user number is the number that Cambridge Analytics got access to (a subset of all FB users).

      --
      Which has more power: the hammer, or the anvil?
    4. Re:Idiots may opt in. by Lab+Rat+Jason · · Score: 1

      This is the creepiest part of it all. On Instragram (owned by Facebook) I recently got a suggestion to follow my ex-father-in-law. It specifically used the language "follow your friend ". I've NEVER given Instagram permission to look in my contact list, but it regularly suggests I follow people and explicitly states they are in my contacts . I deleted my FB account years before I started using Instagram, and have never installed FB on my current phone, yet here we are.

      I can imagine an situation where a victim of some crime goes to court to confront their assailant, and during a break in the trial, FB suggests they friend the attacker. For a social media platform, they are really, really, socially inept. And don't get me started on LinkedIn... they're just as bad.

      --
      Which has more power: the hammer, or the anvil?
    5. Re:Idiots may opt in. by pnutjam · · Score: 1

      Yeah, facebook is creepy like that.

      --
      Cheap storage VM.
    6. Re:Idiots may opt in. by pnutjam · · Score: 1

      Check out http://mewe.com./ It looks like a good solution to recommend where people insist on using facebook, like pto's, sports groups, etc.

      --
      Cheap storage VM.
  13. Re:I haven't had a Facebook app on my device in ye by jrumney · · Score: 3, Informative

    It works fine in Chrome too if you enable the "Desktop site" setting.

  14. fuck the EULA by Anonymous Coward · · Score: 1

    These are written by gobs of lawyers over a long time span with much thought, and you are supposed to breeze thru these in seconds and accept?

    "...a better experience across Facebook" ???

    These are records the Stasi would get wet dreams over. The fact it is obviously obscured shows nefarious intent.
    Dump and erase anything Facebook. These people are evil.

  15. Re:I haven't had a Facebook app on my device in ye by antdude · · Score: 1

    I never downloaded, installed, and used its app!

    --
    Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
  16. Re:I haven't had a Facebook app on my device in ye by Bing+Tsher+E · · Score: 1

    Why would you have ever run the Facebook app for them to have recorded a login for you to it?

  17. At what point do people wake up... by mycroft16 · · Score: 1

    and realize they aren't the customer of companies like this... they are the product.

  18. Disputed by Anonymous Coward · · Score: 2, Interesting

    Ars Technica refuted their claim that everyone knowingly opted in.

    Disputed, not refuted. Refuted means to prove wrong. It is a very useful and specific word. Why dilute it just to sound "fancy" when there already is a word that means *exactly* what is intended?

  19. Re:The thief used the open door by shilly · · Score: 1

    Specifically not Apple. Apple makes money from selling you a device, not from selling your data. That's why this story is about what happened to Android users.

  20. Only Android by shilly · · Score: 2

    Surely it's noteworthy that FB was only able to behave this badly on the Android platform. Whether it was for technical or policy reasons, it wasn't possible on iOS.

    1. Re:Only Android by TheFakeTimCook · · Score: 1

      Surely it's noteworthy that FB was only able to behave this badly on the Android platform. Whether it was for technical or policy reasons, it wasn't possible on iOS.

      Technical. Facebook doesn't give a shit about "Policy".

    2. Re:Only Android by shilly · · Score: 1

      Agreed, FB certainly doesn't. But Apple can enforce policy by controlling what's allowed on the App Store. Maybe that's a mix of technical and policy?

    3. Re:Only Android by TheFakeTimCook · · Score: 1

      Google can do that, too, with the Play Store.

      They. Just. Don't.

      Or at least not as much as they should.

  21. Re:I haven't had a Facebook app on my device in ye by bill_mcgonigle · · Score: 2

    I don't wan't vulgar posts from my crazy niece to appear on the screen of my work device

    Why are you logged in to your personal FB on your work device?

    --
    My God, it's Full of Source!
    OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
  22. Re:I haven't had a Facebook app on my device in ye by war4peace · · Score: 2

    Because some employers are OK with that. Because carrying two or more phones is generally a stupid idea. Because he can.

    --
    ...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
  23. Re:The thief used the open door by TheRaven64 · · Score: 1

    Apple does; however, run iAds, which is an ad service for in-application adverts on iOS devices. This means that their incentives aren't quite so clear cut.

    --
    I am TheRaven on Soylent News
  24. Approved permissions? by wardrich86 · · Score: 1

    Doesn't it only have the ability to do this for the people that gave it permission to access SMS on their device? Seems kind of click-baity.

  25. Re:I haven't had a Facebook app on my device in ye by pnutjam · · Score: 1

    WIthout root, you can still remove builtin apps.

    http://www.lmfgtfy.com/?q=remo...

    --
    Cheap storage VM.
  26. Re:The thief used the open door by TheFakeTimCook · · Score: 1

    Apple does; however, run iAds, which is an ad service for in-application adverts on iOS devices. This means that their incentives aren't quite so clear cut.

    Ahem.

    iAds was COMPLETELY DISCONTINUED nearly two years ago.

    https://en.wikipedia.org/wiki/...

    Do try to keep up, Hater.

  27. Re:The thief used the open door by TheFakeTimCook · · Score: 1

    Specifically not Apple. Apple makes money from selling you a device, not from selling your data. That's why this story is about what happened to Android users.

    Exactly what I came here to say.

  28. Re:I haven't had a Facebook app on my device in ye by q4Fry · · Score: 1

    I have somewhat of a similar story, but it gets me to wondering whether the time when I did have the app was in the wild west of Android permissions that the articles are talking about.

  29. first Android fail by epine · · Score: 1

    I waited a long time to get my first mobile phone. The first thing I looked for was a security click-box on my address book "just tell every app. that tries to access this to fuck off" unless I tell Android at the system level otherwise (there would be no possible way for the application to prompt for or request this change).

    404.

    My relationship with Android started off sketchy, and only went downhill from there.

    I did eventually find a way: install no apps at all.

    So now it's just a shiny phone with a Google keyboard and a Chrome browser and that suffices. When Chrome is not open, the WiFi and data modem are always disabled.

    Almost a security model that makes sense.

    Also, I enjoy saving the $5/month for not having even a pittance of a data connection, because it drives my telco's billing department absolutely mad. Some machine learning algorithm is busy tying its nickers into a knot trying to invite into a higher revenue-bracket future. Somewhere out there, there's a Telus middle manager crying giant tears onto his monthly "conversion" report because of me.

    With a security model I could tolerate, I'd probably have dozens of apps and full-time data service.

    Android fail.

  30. Re:I haven't had a Facebook app on my device in ye by pecosdave · · Score: 1

    It also works in the Last Pass browser - which is basically a customized Firefox for Android.

    --
    The preceding post was not a Slashvertisement.
  31. Re:The thief used the open door by TheRaven64 · · Score: 1

    Interesting, thanks - I didn't see an announcement when it went away. It appears that the few ad-supported things on my iPad are using Google Ads now. Good move for Apple, because it removes a big conflict of interest for them, but not so great for people running ad-supported software on Apple devices because now it's all being served by companies that do a lot more tracking...

    --
    I am TheRaven on Soylent News
  32. Re:The thief used the open door by TheFakeTimCook · · Score: 1

    Interesting, thanks - I didn't see an announcement when it went away. It appears that the few ad-supported things on my iPad are using Google Ads now. Good move for Apple, because it removes a big conflict of interest for them, but not so great for people running ad-supported software on Apple devices because now it's all being served by companies that do a lot more tracking...

    From what I heard, iAds was never very popular/successful, anyway. So, I don't think Apple Management had much in the way of App-Vendor pushback when they decided to pull the plug.

    I agree that it helps Apple stay more of a "We are a Hardware-Products Company" focus. But I am surprised they are approving Apps that are using Google Ads. I just ignore all that detritus, anyway.

  33. Re:I haven't had a Facebook app on my device in ye by unixisc · · Score: 1

    Depends on the phone/tablet. I have an HTC phone and a Verizon Ellipsis tablet, and neither of them has Facebook on it

    Besides, even if Facebook is there, unless one logs in, or has in the Account settings the same email address as the one used in the Facebook account, why would that matter in the first place?

  34. Re:The domo's were fake by wolfheart111 · · Score: 1

    The demos at staples were fake plastic cutouts. :(

    --
    [($)]