Facebook Scraped Call, Text Message Data For Years From Android Phones (arstechnica.com) 61
An anonymous reader quotes a report from Ars Technica: This past week, a New Zealand man was looking through the data Facebook had collected from him in an archive he had pulled down from the social networking site. While scanning the information Facebook had stored about his contacts, Dylan McKay discovered something distressing: Facebook also had about two years worth of phone call metadata from his Android phone, including names, phone numbers, and the length of each call made or received. This experience has been shared by a number of other Facebook users who spoke with Ars, as well as independently by us -- my own Facebook data archive, I found, contained call-log data for a certain Android device I used in 2015 and 2016, along with SMS and MMS message metadata. In response to an email inquiry about this data gathering by Ars, a Facebook spokesperson replied, "The most important part of apps and services that help you make connections is to make it easy to find the people you want to connect with. So, the first time you sign in on your phone to a messaging or social app, it's a widely used practice to begin by uploading your phone contacts." The spokesperson pointed out that contact uploading is optional and installation of the application explicitly requests permission to access contacts. And users can delete contact data from their profiles using a tool accessible via Web browser.
If you granted permission to read contacts during Facebook's installation on Android a few versions ago -- specifically before Android 4.1 (Jelly Bean) -- that permission also granted Facebook access to call and message logs by default. The permission structure was changed in the Android API in version 16. But Android applications could bypass this change if they were written to earlier versions of the API, so Facebook API could continue to gain access to call and SMS data by specifying an earlier Android SDK version. Google deprecated version 4.0 of the Android API in October 2017 -- the point at which the latest call metadata in Facebook user's data was found. Apple iOS has never allowed silent access to call data. You are able to have Facebook delete the data it collects from you, "but it's not clear if this deletes just contacts or if it also purges call and SMS metadata," reports Ars. Generally speaking, if you're concerned about privacy, you shouldn't share your contacts and call-log data with any mobile application.
I find ANDROID'S behavior to be weird and creepy, and that is why I have always avoided them. And the whole thing just seems completely useless and pointless.
Fixed that for you because really this is a Android problem, not Facebook, because Android is the one that allows developers to request all this and store it. Apple didn't have this problem. How many other apps are still stealing android user data?
And it has been from the beginning. Zuckerberg called his first few thousand users "dumb fucks" for trusting him with their data, and that's how he's built the whole thing: screw people and their data.
Now it shows.
What surprises me the most is how this did not happen before.
What surprises me the most is how this did not happen before.
What surprises me the most . . . is that I am NOT surprised at these recent revelations. It's exactly what I suspecting that Facebook was doing, "under the covers" . . .
However, I am certain, that in the coming days, something Facebook is doing WILL be revealed that will surprise me. Oh, and that will probably be something *really* frightening, like:
"Facebook collects data on US military service personnel and sells it to Islamist organizations."
"Facebook tracks location data of Russian dissidents and
It's ever commercial app, not just fb (Score:5, Insightful)
This is why I had to uninstall my bank's app after a new version demanded access to contact list, etc. I never install the customer loyalty apps from any of the chain stores or restaurants; they all want this stuff and it's too instantaneous to say "oh, just use targeted permissions after installation". Nope; it will suck down your contacts and sms history faster than you can switch over to lock it down.
This is why you look at the app permissions before installing and app. I was the only person I know that said, "Hmm, why does Facebook need to read my call history and contact lists?"
People generally ignore what comes up because stock Android until recently didn't let you say "Oh, Facebook wants access to my call history huh? Well, I'll install it but not let it have that. Even now, rather than fail gracefully, Android tells the app that it's been denied a privilege so it can refuse to work until you give it what it demands.
For Facebook users, the option was no app, or trust Facebook. Which, to be fair, they were already doing, so it's not surprising they installed the app anyway.
T
I had fake honeypot contacts when I first installed the app. The installer at the time had no option to disable contact collecting. There was an option in the app. So the app collected that info during install before you could get to the option based on honeypot hits. At least a few updates reset the app to allow max info collection. With auto updates, FB would again begin grabbing info silently and transparently.
I must say I'm stunned, just stunned to hear allegation
Not that anyone reads the privacy policy [facebook.com].
It's really hard for me to feel outrage about this......something that's been a problem for years, and now they went a little farther so you are worried?
To be fair, this is well known. If you install the Facebook App on your phone you are granting Facebook carte blanche to hoover up everything on your phone - and even listen to your calls. If people choose to ignore the "advisory" notes that go with the installation and select grant permissions to access everything anyway...then what else do they expect?
The story makes it sound as though Facebook was doing something underhanded and nefarious. They were ONLY doing what the API allowed them to do. Where is the anger toward Google for allowing this type of access in their API? I'm not sure how the Android version of Facebook works, but when you install the iOS version, it explicitly asks you if you want to give the app access to your contact list, you DO have the option to decline.
The permissions were fixed in the app store and sideloaded/preloaded apps, like facebook often was had whitelisted access by default.
Most of the major carriers not only preloaded facebook, but in some cases made it an internal app, meaning you couldn't delete it off your device unless it was jailbroken (you could disable it, but carrier updates or other changes seemed to cause it to reenable itself.)
I spent a great deal of time upon making the transition to smartphones replacing stock firmware images precis
it's all your fault for being a fool.
It's OK though, you can close your account now and move to a more reliable and open alternative. It's been in use for about 100 years and is better in every way. It is called....
---> Ham Radio.
Just got a new antenna, by the way. 6 band cobweb 20-17-15-12-10-6 , it's working great and still have my vertical for 80/40 meters.
I have done the obvious thing though. Plant a bunch of false information for them to hoover up as well. Poisoned stalker database is best database.
When will someone make a web plugin that uses peer to peer to randomize FB cookies between users to screw up all the web metrics?
GAP Titan DX, and 256' center fed dipole...
>"Facebook Scraped Call, Text Message Data For Years From Android Phones"
I still fail to understand why this is a surprise to anyone. All this crap has been in the media for years. Can't use fake name, makes links without permission, makes connections with others without asking, sells your data to other companies, sucks up your history from every site you visit, tracks you everywhere you go, watches everything you do, demands your phone number and Email address and other contact information, and demand
Has back doors for government access (and probably without due process)
In the slim chance case it didn't, it does now [eff.org]. Any government from any country now can get it no questions asked.
Seriously. Google and Facebook are on the same side. Google wants themselves and others to make money from your data.
Part of Appleâ(TM)s lockdown policy is so that these apps canâ(TM)t hoover every little bit of personal data from your phone. Unlike google, Apple have far more to gain by protecting your privacy.
>"I don't even have a Facebook account but plenty of my friends do and I'm sure some of them use Facebook on their phone. So how do non-users get their info removed? This is non-public information that I never agreed to share with Facebook."
Answer: You can't
If you are not sure what is deleted, just wait 2 months. Then GPDR will come into force and FB will have to DELETE everything upon request. Or cease functioning (the fines are gargantuan).
This is of course if you live in civilised world where the regulation have force. If you live outside EU – tough luck, consider moving.
Users had to allowed access to contact data. If you don't know exactly why an application needs to have access to X, don't allowed it, flat out. They're many, many, many, application that I won't allow on my phone because they simply ask for permissions that they couldn't need access to, for a practical reason. Extending this, who uses unencrypted message application, even for SMS? This entire issue breaks down to users whom don't understand what they were doing and why they shouldn't of just clicked al