Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Facebook Android Communications Handhelds Privacy Social Networks Software

Why Does Facebook Need To Read My Text Messages? 293

DavidGilbert99 writes "Facebook updates its Android app quite a lot, but the latest version asks for some rather odd permissions. Rolling out in the UK this week, some users have noticed that it now wants permission to read your text messages. While most suspected Facebook wanted to access the data to try and serve you more targeted ads, Facebook says it is only so it can facilitate two-factor authentication...apparently."
This discussion has been archived. No new comments can be posted.

Why Does Facebook Need To Read My Text Messages?

Comments Filter:
  • Obvious answer (Score:5, Insightful)

    by Anonymous Coward on Tuesday January 28, 2014 @12:58PM (#46092235)

    Why Does Facebook Need To Read My Text Messages?

    Because shut up, that's why. If you ever want to hear from your "friends" again, you'll do exactly what we say without question. I'm certain you know that either you or your friends are too stupid or lazy to start and follow privately-hosted blogs, so sit down, shut up, and continue giving us data to mine. Idiot.

  • by tthomas48 ( 180798 ) on Tuesday January 28, 2014 @12:59PM (#46092243)

    Android needs to add two levels of permissions for much of this stuff. You basically have to ask for everything or nothing. I wanted to check network state in my current app, which requires asking for permission to change the user's networks. I don't want to change their networks. I just want to see if the network is up.

    • by AmiMoJo ( 196126 ) * on Tuesday January 28, 2014 @01:11PM (#46092383) Homepage Journal

      The problem is that such granular permissions are too complex for most users to understand. It's not such a good security model. Think about how endless permission messages on Vista lead to people blindly clicking "OK" all the time. Think about how parents were quickly trained by their kids to enter their PIN every time the iPad required it to play some game.

      Permissions are a very hard problem to solve, but I think the Android way of presenting them all up front at a high level does at least make it easy and most importantly very low time/irritation cost for the user to check them. Most people seem to be cottoning on to the fact that flashlight apps don't need network or phone access. Maybe power users could have a box to tick for extended granular permissions, but of course such users can get them via an app because they already have root.

      • Think about how endless permission messages on Vista lead to people blindly clicking "OK" all the time. Think about how parents were quickly trained by their kids to enter their PIN every time the iPad required it to play some game.

        I'd say that's more of a user problem than an interface problem, really. If it throws up a popup in front of the user saying, "This site is attempting to steal your credit card info" and the popup is green with a giant smiley face, *that* would be an interface problem. Ignorant users is not a design problem. Making it hard for users to figure stuff out would be.

        Security is not an Easy Button, for a number of reasons. Allowing all permissions in one chunk is the equivalent of signing your soul over in every

      • by mlts ( 1038732 )

        What I'd like to see is something similar to the old LBE Privacy Guard (which doesn't have a version in English for recent Android releases.) That way, even though an app might ask for everything under the sun, one can turn on functionality that prompts if an app can do something, similar to how iOS and BlackberryOS do things.

        For non-technical users, they can leave that off and either allow/deny apps on install. For more technical users, they can turn off a permission either explicitly (with an exception

        • I've found that most of the time the only permission I really need to deny is the ability to access the internet. Since Android has iptables that's easy, and there are front ends (I like AFWall+) if you don't want to use a shell script for it. The "Android Tuner" app can also apparently manage permissions, using the Xposed framework.
        • You mean like XPrivacy [github.com] ?
      • by JavaBear ( 9872 )

        I'd say at least have the ability to set if the requested permissions are read only, or read/write.

      • Permissions are a very hard problem to solve, but I think the Android way of presenting them all up front at a high level does at least make it easy and most importantly very low time/irritation cost for the user to check them.

        Out of interest, how many times do we need some app overreaching on permissions before people will finally accept that the all-or-nothing-big-old-list-of-permissions-with-no-context is actually a really crappy way of doing things that the majority of users blindly ignore because they

      • Oh, bullshit.

        Have all presented permissions as a selection process and have them all selected by default. In other words, make in an opt-out process. Maybe give a warning about possible malfunctions when a permission is deselected and an option for advanced users to suppress the warning.

        Users who know what they're doing and how to predict the effects of disabling certain permissions get more control over their data, everyone else will just accept the defaults as they always do anyway.

        It's not a difficult

    • by mythosaz ( 572040 ) on Tuesday January 28, 2014 @01:13PM (#46092401)

      ...while I agree, the next step is that applications start crashing when you revoke their permissions, or the authors simply refuse to let them run.

      Anyone who writes a program that makes its money by spying on you (while presenting you a game of Hearts), will simply stop dealing the cards when it can't read your text messages. HOSTS blocking already kills ads on a lot of software, but it's an arms race.

      The revenue model is the issue. We want 99 "free" apps.

      • by c ( 8461 )

        the next step is that applications start crashing when you revoke their permissions, or the authors simply refuse to let them run.

        A good sandbox makes it hard or impossible to find the sides of the box.

        The way things are implemented by Cyanogenmod's Privacy Guard, the application gets an empty data set and has no way to know if the permissions have been revoked. In the context of text messages, it might not even be able to tell the difference between having permissions revoked, being on a tablet without SMS

    • which requires asking for permission to change the user's networks.

      If all you want to do is query network state, you only need the ACCESS_NETWORK_STATE permission. Never heard of a "change the user's networks" permission but seems like it would only work with a rooted device anyway.

    • Android needs to add two levels of permissions for much of this stuff. You basically have to ask for everything or nothing. I wanted to check network state in my current app, which requires asking for permission to change the user's networks. I don't want to change their networks. I just want to see if the network is up.

      But they really do need to be able to read your messages to automatically verify blah blah blah. Not sure how to get around that. In the meantime, if you miss app ops and you have a rooted phone, xposed framework will let you have app ops xposed module to get it back.

  • Social Networking (Score:2, Insightful)

    by Anonymous Coward

    ALL - and I mean ALL - of these social networking sites and apps exist for one thing and on thing only - to extract your information.

    They have the data and know that they can manipulate your buying habits. You will not agree with this. I know you wont. But you are manipulable.

    We all are.

    It's NOT 'You will eat at Joes!'

    It's more like, 'Hmmm, I want to go out and eat, How about Joes?'

    That's all it takes.

    And with Big Data, they got us.

    • by Anonymous Coward on Tuesday January 28, 2014 @01:10PM (#46092373)

      I resent the notion that product trend manipulation works on everyone. It does not, and it doesn't have to. It only has to work on enough people to make it worthwhile.

  • by lesincompetent ( 2836253 ) on Tuesday January 28, 2014 @01:00PM (#46092261)
    Uninstalled the app, started using FB via browser. For my low intensity usage it's still perfect. Also links to click and youtube embeds work seamlessly now.
    Got no messenger installed too.
    • by CastrTroy ( 595695 ) on Tuesday January 28, 2014 @01:07PM (#46092339)
      As soon as I saw this I uninstalled Facebook as well. My battery life has improved a bit. Also recently uninstalled Google Talk (now called "Hangouts (Replaces Google Talk)") because it started asking for access to my text messages as well. I've noticed a lot of apps asking for increased privileges lately. I usually uninstall them if it's something I don't really need. I wonder if the developers get statistics about number of people who uninstalled the app?
      • by asavage ( 548758 ) on Tuesday January 28, 2014 @01:18PM (#46092467)
        Google hangouts wants to read your text messages as it is the default text message app for kitkat.
        • Yeah, but why try to push it on people with Gingerbread? To me, it just seemed like an app asking for permissions it had no business of asking for. I haven't used talk once since I got my phone. I think next time I need a new phone, I'm going to consider not going with Android. Not sure what all else is out there for cheap phones though.
      • by JesseMcDonald ( 536341 ) on Tuesday January 28, 2014 @01:24PM (#46092541) Homepage

        My battery life has improved a bit. Also recently uninstalled Google Talk (now called "Hangouts (Replaces Google Talk)") because it started asking for access to my text messages as well.

        That shouldn't come as too much of a surprise, since Hangouts is the app for text messaging these days. I just upgraded to a new Nexus 5, for example, and there is no separate Messaging app. Hangouts handles that function by default.

        Moving back on-topic, App Ops X is a good start, and I'm disappointed with Google for removing this function from the base system and making it increasingly difficult to install and use. Ideally I'd prefer for users to have complete control over permissions, in a way which is completely transparent to the app. The app doesn't need to know that network access is blocked; it just gets a "no signal" response, or "destination unreachable" when attempting to access particular domains. It doesn't need to know that you've restricted access to the contact list; it just gets its own, private contact list. It doesn't need to know you've restricted location access, it just sees "acquiring GPS signal...". And so on. If the app can see what you've restricted, then the app can be designed to refuse to function until you've removed the restriction, which defeats the whole point. The sandbox approach is the only reasonable way to have fine-grained permissions under the user's control.

    • by hacker ( 14635 )

      If you're doing that, might I suggest just using "Tinfoil for Facebook [google.com]", or use Orbot [google.com] + Orweb [google.com], and browse a bit more anonymously through Tor instead.

    • Uninstalled the app, started using FB via browser. For my low intensity usage it's still perfect. Also links to click and youtube embeds work seamlessly now.
      Got no messenger installed too.

      A thousand times this. The line for me was when my recent camera pics popped up in the app with a caption "do you want to post these to Facebook"? Uhh, fuck no Facebook and stop rifling your grubby mitts through my pics without asking me TYVM (Dropbox, Twitter, Google+ all have similar functionality but have an explicit settings for this).

      This is also a weakness in Android permissions IMO: many apps ask for USB access to store their own data but that means they can read everything under /sdcard including ph

  • The bigger issue is that Facebook is shovelware on most providers handsets.

    I had to go get Facebook, since I live on this planet, and have friends who use it to coordinate, you know, life. ...but at least I had a choice.

    Admittedly, people do have to sign into that big F icon. It doesn't just auto-authenticate.

    • by hacker ( 14635 ) <hacker@gnu-designs.com> on Tuesday January 28, 2014 @01:14PM (#46092415)

      You don't need to use the Facebook app on your phone, you can use the mobile version of the website, or if you're using Android (as is the case with the OP's gripe), you can use Tinfoil for Facebook [google.com].

      Remember to uninstall Facebook as an app and from ROM including the SNS service (not a typo), to completely rid your handset of that mess.

      If you don't want to do that, use Orbot [google.com] and the mobile site over Tor using the Orweb Privacy Browser [google.com].

      • Because of the shovelware issue, and mostly locked, un-rooted phones owned by people who can't root their phones by themselves [It's not easy for the general population], they don't have most of the options you suggest.

        Their best bet is to never logon to the shovelware version (good luck, grandpa!), and download an app that they've never heard of.

        I'd never heard of Tinfoil until today, but I'll check it out -- since, as I mentioned, Facebook is a necessary evil for me. I've got it set to the minimum number

        • Because of the shovelware issue, and mostly locked, un-rooted phones owned by people who can't root their phones by themselves

          It's not just can't root. If I root, I lose access to (at least) Netflix, if not others, so there's a tradeoff.

          • by Yebyen ( 59663 )

            Is that true?

            I have two rooted tablets, one running CyanogenMod and the other running KATKiss (both on 4.4/KitKat), and there are sometimes problems running Netflix, but by and large I'd say it works. The problems I've had most often were that videos would start playing, then the audio would continue but the video would freeze frame.

            I have a TV/BluRay player that does Netflix, so I don't really care. But last time I tried to watch a show on the tablet, it worked. (And I'm definitely still rooted.)

  • SMS Integration (Score:4, Informative)

    by ottothecow ( 600101 ) on Tuesday January 28, 2014 @01:02PM (#46092297) Homepage
    They want to be able to view your messages, so that they can do the same thing google is doing with Hangouts:

    Put both your SMS and your Instant messaging in the same app (just pushing facebook chat over hangout chat).

    • by Spoke ( 6112 )

      The last big update of Facebook Messenger for Android not long ago REMOVES the ability to send SMS messages. There is also no way to send SMS messages through the main Facebook app. Why would Facebook remove the ability to send SMS messages through their apps if their long-term goal was to be able to send SMS messages through their apps? IMO their goal is to have all messages routed through them directly instead of SMS, but they really screwed up by removing a feature that a lot of Android users used.

      Coinci

      • IIRC (and I may be wrong), the facebook SMS feature sent the SMS through facebook itself (i.e. using a data connection, not a carrier provided SMS). You could never send and receive your phone's own SMS messages through the facebook app.

        Hangouts doesn't send the SMS through data, but rather just becomes your phone's SMS client so that you receive SMS messages in Hangouts as well.

        My guess is facebook removed the feature since it was little used and cost money (since they had to operate as an SMS gateway

  • ... and many other apps. No idea why they really need those permissions just so users don't need to copy over a verification number. This is ridiculous... i wonder if they did research what more users would accept.. having their app require the permission to read *all* SMS .. or just requiring the user to occasionally type a one time password from the SMS app into the twitter/facebook/whatever app.

    this is really something android has to solve.. something like optional permissions for the lazy users who real

  • What Facebook wants to do is send a text message with a special code to your phone. Letting the app read your text messages allows the app to read the code automatically so you don't have to copy and paste from the messages app.

    • What Facebook wants to do is send a text message with a special code to your phone. Letting the app read your text messages allows the app to read the code automatically so you don't have to copy and paste from the messages app.

      But what else is the app reading in my text messages?

      • by Ken D ( 100098 )

        Reading the codes for all your other two factor authentication accounts. Like your bank account, or your brokerage account.

        There, didn't Facebook make life easy?

        SMS to your phone isn't such a secure channel for two factor authentication if every other app has access to it.

    • This is a perfect example of why is should be possible to give an app temporary permission to do something, or to selectively deny permissions. This type of authentication is something that only needs to be done once over the lifetime of the device. If I was using it, I would just copy/paste the code -- and someone who is less paranoid could allow the facebook app to read their text messages at setup time, and then deny that permission from that point on. Instead what we end up with is that after you've

  • by Java Pimp ( 98454 ) on Tuesday January 28, 2014 @01:07PM (#46092343) Homepage

    Facebook says it is only so it can facilitate two-factor authentication

    No need to question it further. A completely benign reason with no ulterior motive. Just allow it and be happy. Facebook wouldn't do anything against your wishes...

  • by QuietLagoon ( 813062 ) on Tuesday January 28, 2014 @01:09PM (#46092367)
    That is why facebook does anything it does, it wants to know all about you, your friends and relatives.

    .
    facebook even collects the posts you start typing but decide not to send [geekosystem.com].

  • by hacker ( 14635 ) <hacker@gnu-designs.com> on Tuesday January 28, 2014 @01:11PM (#46092379)

    I couldn't be happier now that I've completely purged Facebook and its hidden (SNS, not a typo) services from my ROM and phone, and frozen/deleted all of the other assets in other apps that try to "phone home" to Facebook. Side benefit is that after removing Facebook from my phone, I gained seven solid HOURS of battery life back. I didn't realize how often the SNS service and Facebook itself were sending and receiving data, phoning home, etc.

    The combination of Android Permission Manager [google.com], DroidWall [google.com] and LBE Security Master [lbesec.com] have made things much easier to block, delete, drop packets, deny and forbid services from trying to use unnecessary permissions.

    I guarantee that no app is doing what it shouldn't, and those that should have permissions (Camera => Take Photos Permission) are prompted every time they attempt to do so, never allowed by default. If I'm not using the Camera for example, and I get a popup that it tried to take a photo, I permanently deny it and remove/uninstall the app. I don't tolerate any of that out-of-band behavior on my phone.

    You should investigate the same. Yes, we all know about the L4 kernel, but this at least will help remove the abuse from the application level.

    • Out of curiosity. Have you actually gotten a popup about an app trying to use the camera like that or was it a "for instance"? If so, what was it? This is a serious question. I'm working on a project looking at rogue behavior like that.

    • Re: (Score:2, Informative)

      by Anonymous Coward

      The combination of Android Permission Manager [google.com], DroidWall [google.com] and LBE Security Master [lbesec.com] have made things much easier to block, delete, drop packets, deny and forbid services from trying to use unnecessary permissions.

      Dear members, please remember that installing closed source software as root will automatically voids your paranoid member card.

      Permission Manager and LBE Security Master are both closed source, and need root to run. Not acceptable.
      Bonus points, LBE's home page is in chinese, no offense intended, just paranoid.

      On the other hand, Xprivacy does the same job and is GPL'd.
      By the way, Droidwall is severely outdated, you might consider trying its (open source) successor / fork, AFWall +

      Being paranoid is a full ti

  • by stevegee58 ( 1179505 ) on Tuesday January 28, 2014 @01:17PM (#46092453) Journal
    1) Go to "Account Settings"
    2) Press "Deactivate you account"
    3) Get an effin' life.
    • 1) Go to "Account Settings"
      2) Press "Deactivate you account"
      3) Get an effin' life.
      4) ???
      5) Profit!

      FTFY. You must be new here ;-)

  • Comment removed (Score:5, Insightful)

    by account_deleted ( 4530225 ) on Tuesday January 28, 2014 @01:19PM (#46092479)
    Comment removed based on user account deletion
    • SoylentBook apparently...

      That's why my chosen mode of communication is Morse code using one time pads only. It works perfectly should I ever find someone else willing to communicate that way.

  • by barlevg ( 2111272 ) on Tuesday January 28, 2014 @01:26PM (#46092545)
    I recently installed Cyanogenmod on my old phone (HTC G2/Desire) so my wife, who's taken possession of it, could use some 4.x-only apps. I couldn't believe how beautifully it runs on a three-year-old phone (I mean, it's SLOW, but everything WORKS), and the lack of bloatware and pre-installed apps (read: Facebook) makes me super jealous. I'd put Cyanogenmod on my current phone (Samsung Galaxy Relay), but last I checked, there weren't any stable builds for it with an Android version greater than what I've got now (4.1).
  • Blackberry (Score:5, Insightful)

    by QBasicer ( 781745 ) on Tuesday January 28, 2014 @01:28PM (#46092561) Homepage Journal
    Blackberry actually had this right. Apps requested permission when you installed them, you could either allow, deny, or ask it to prompt you first. It would be really awesome if Android had that feature too.
  • by krelvin ( 771644 ) on Tuesday January 28, 2014 @01:48PM (#46092813)

    Simple. They want to be able to get a status from SMS text and the only way to get that is to get permission to the SMS Messages. There is no finer permission level in Android to just give them what they need without access to the rest.

    I just block that access since I don't want to use their messaging anyway. Blocked with Root, Xposed Framework, XPrivacy to control which permissions I want to allow them to have.

  • I saw that odd permission request today, fuck me if I ever update this crapware again
  • ...is why I have never installed the app in the first place. Using the browser works perfectly fine, and doesn't let Fuckerberg mine my phone.

  • by Theovon ( 109752 ) on Tuesday January 28, 2014 @02:12PM (#46093119)

    I don’t know why this is so hard for people to understand. Facebook’s primary source of revenue is ads. Just like Google. They increases the probability that you’ll click on one by examining every last bit of your data that goes through their system. That’s the whole thing in a nutshell.

    It amazes me that people are surprised by this.

    Don’t put anything on the internet that you don’t want Facebook, Google, the NSA, and every one else looking at. If you store something encrypted on the internet, there’s a chance someone will hack it and get your data anyway. NOTHING IS PRIVATE ON THE INTERNET. Yes, I have a Facebook account, which I use rarely to connect with friends and family. I don’t talk about anything sensitive, and I don’t publish any information that isn’t the sort of thing I would be embarrassed to appear on my LinkedIn profile, which is something I WANT people to see.

    The key here isn’t to to complain about Facebook’s policies. That isn’t going to change because 99% of people just accept them anyway. The key is to avoid those services if you object to them. There are many other things in life that make you become publically visible, not limited by any means fo Facebook. Perhaps you want to avoid those too. Good. If ultimately the majority of people decide they don’t like being probed like this, perhaps Facebook will chance. But probably not because they’ll still have a billion users.

    Some really stupid picture of you getting drunk from 5 years ago is still on the Internet somewhere, and employers WILL find it. I think this is awesome. In this economic environment, I’m very glad to have more ways that people remove themselves from competition with me when I’m looking for a job. Some people just don’t do really stupid things, while others are forward-looking enough to keep them from getting published. Either way, those are the sorts of people I want to hire in preference to jackasses who think it’s funny to show everyone how stupid they are.

    • You understand that this very rant is a good excuse for someone to not hire you, right? It isn't just drunk pictures, it's opinionated text that's a danger as well. Opinionated as in, not the same opinion as theirs.
    • by sinij ( 911942 ) on Tuesday January 28, 2014 @04:39PM (#46094755)

      >>>Don't put anything on the internet that you don't want Facebook, Google, the NSA, and every one else looking at.
       
        This is a very good advice that I followed to the letter when I killed my sister and buried her body in my backyard so I could collect insurance money.
       
        -Bill from KY, Carlisle County

  • Is Facebook still a thing? After all we've seen, is it a legitimate product, or just an ad machine operating on top of an information gathering tool?

  • by onepoint ( 301486 ) on Tuesday January 28, 2014 @02:35PM (#46093409) Homepage Journal

    I did not really think to much about privacy until this update.
    Now I am slowly deleting and detoxing from facebook
    while I did not give a hoot before, now I can only wonder why I did not do this sooner.

  • by ilsaloving ( 1534307 ) on Tuesday January 28, 2014 @03:41PM (#46094161)

    When I was deciding on a tablet, I was waffling on what to get but the issue of privacy ended up being the thing that decided me.

    With Android, you have no choice but to accept the permissions that an app insists on. Either that, or don't use the app. Combine that with Google stating outright that they plan on *reducing* privacy protections, I wasn't happy.

    Then I researched the privacy protections in iOS. You have the ability to selectively deny or allow what an application is allowed to see, and can change your choice later on if you change your mind. Say what you will about Apple, but at least they're making a decent effort in this regard.

  • by cuby ( 832037 ) on Tuesday January 28, 2014 @05:38PM (#46095339)
    My nexus S was getting slow and I needed another phone. For some time I was seeing google changing open applications for closed ones. I already knew that the permissions on android were broken. I never installed LinkedIn because of the calendar permission... No reason for that! And then I see this Facebook update and an older one asking to authorize the keyboard to access the internet... Why?? I talked with some Friends with iPhones and I got convinced that iOS protects me better. I bought a second hand iPhone 5.

As you will see, I told them, in no uncertain terms, to see Figure one. -- Dave "First Strike" Pare

Working...