Facebook scraped call, text message data for years from Android phones

Android&#x27;s permissions system for stuff like that is indefensible. Anything with severe privacy implications like &quot;years of text message history&quot; should explicitly opt-in with a permission request popup at runtime like iOS has done for features like camera since launch.<p>Of all the things to not copy from iOS, of course privacy is the one that they decide to skimp out on. I&#x27;m glad they&#x27;ve started to catch up, but they have a ways to go yet.

I removed my phone number from Facebook profile months ago. Now and then, Facebook still asks me if &quot;XXXXXX&quot; is my number? Once I unintentionally linked my Facebook account with my insta account. And then I started getting follow suggestions from people in my Facebook friend list. I tried many thing to de-link the accounts. Ultimately, I created a fake Facebook account and linked it to my insta.<p>Once you give something to Facebook; it&#x27;s never truly erased.

I realize that it&#x27;s too late to cry over spilled milk, but that was one of the reasons for which Firefox OS was developed. We wanted to push a different permission model in which permissions were much more fine-grained and could be audited and revoked easily. Sadly, one of the reactions of the development community (including HN commenters) at the time was along the lines of &quot;Android is just fine&quot;.<p>I understand that recent versions of Android have moved towards adopting a permission model closer to that of Firefox OS, though, and I suspect that the example given by Firefox OS at least showed that it was possible.<p>P.S.: Yes, Firefox OS had other problems. Let&#x27;s not try and idealize the past :)

What’s the supposed justification for scraping text message data? I mean the contact list could be justified as a means of cross referencing friends. I’m having a hard time coming up with a <i>legitimate</i> use for text message data. Best I’ve got is “<i>who do you contact regularly?</i>” which is still insanely creepy.

Funny how this is popping up now (presumably because some guy noticed his call logs were in his facebook data download and tweeted about it), even though the permissions in question (described in no unecrtain terms) were in the app for years, and there was an explicit setting in the app to turn this on&#x2F;off <a href="http:&#x2F;&#x2F;i.imgur.com&#x2F;NRarWdh.jpg" rel="nofollow">http:&#x2F;&#x2F;i.imgur.com&#x2F;NRarWdh.jpg</a>.

I&#x27;m ex-FB and have it on good authority that this is indeed used to improve the relevance of friend suggestions (i.e. distinguish between your best friends and the plumber in your contacts). I&#x27;m also told it&#x27;s opt-in, and the app dialog (not just the system dialog) does say call logs will be scraped.<p>But still, IMO it&#x27;s an incredibly invasive, incredibly dumb thing to be doing in the current context for the small benefit it brings. I hope they wake the f<i></i>* up to just how bad it makes FB look like to the outside world, and kill this feature with fire.

The mile-long list of app permissions requested by Facebook&#x27;s app should have been a red flag for most.<p>There are alternatives, such as using the mobile web interface, or any of the various apps that wrap the site, such as <a href="https:&#x2F;&#x2F;f-droid.org&#x2F;en&#x2F;packages&#x2F;it.rignanese.leo.slimfacebook&#x2F;" rel="nofollow">https:&#x2F;&#x2F;f-droid.org&#x2F;en&#x2F;packages&#x2F;it.rignanese.leo.slimfaceboo...</a>

When you allow an app to access your contacts, they grab all of them and upload them to their servers. It&#x27;s less severe in iOS because they can&#x27;t access SMS and call logs.

I hope it is getting to the point that having Facebook on your resume should be considered a huge red flag

This is one of the things that led me to stop using Facebook last year. In order to use the app you have to give it all manner of permissions. And of course, if Facebook can access your data they’re going to suck in as much as they can. They don’t respect you, they want to use you.<p>So put me in the “not surprised” category, but I’m really glad there’s more discussion of this.

Yawn! We knew this was happening for years. FB scraped data for one purpose only: To figure out who your close friends were offline. And they wanted all sorts of information that could indicate closeness. From location data that would show how often you meet up together and how long you hang out. To phone call and sms data.<p>Now a lot of that data is dead data. Like it has no use after a couple of years. But just like Google cookie having an expiration date of 20 years, FB just does not know when that data becomes irrelevant.<p>FB and zuck have this manifest dream of figuring out connections and then figuring out the strength of those connections. Then they want to figure out social relevance. Then they want to use that info to bind people together on their platform. It is not a bad idea overall, until you add in government and corporate entities.<p>And by that time you know how evil of a thing you signed up for.

MySpace allowed viruses on their platform; Facebook IS the virus.

I&#x27;ll throw in another place where permissions aren&#x27;t nearly granular enough - online file storage (Dropbox, Onedrive, Box.com, etc.). Perhaps I&#x27;d like to allow an app to save information for cross-platform use or just because I want it on my own personal cloud storage - 1Password&#x27;s older versions are a great example of this. I haven&#x27;t looked at it recently, but I&#x27;m not aware of any changes that add that level of granularity to the APIs.<p>What throws me is that I&#x27;d expect security conscious developers to be clamoring for this. If I&#x27;m writing an app that should store data for users on the user&#x27;s own accounts, it&#x27;s not &quot;I do not want to have access to everything&quot; it&#x27;s &quot;I do want to NOT have access to everything.&quot;

People had been running untrusted apps in the browser and collaborating over the internet for more than two decades now. Mobile OSes threw out all the safety lessons codified into web browsers and built an entirely new permissions model. A decade later, here we are - there are hundreds of companies holding varying levels of access to your entire contacts list, text messages, GPS data, photos and other media. And all of them will hold on to it for eternity.<p>I for one, am glad web apps are making a comeback. Now I use web apps wherever possible, fully aware that I can&#x27;t do anything about what&#x27;s already been shared.

From my insider source, I&#x27;m told that permissions will change significantly in the near future.<p>Just FYI: a lot of other apps also utilize the same permission. Just an aside but Google also has the authority to whitelist certain applications for these permissions - meaning they can enable certain invasive permissions without asking the users.<p>We shouldn&#x27;t just vilify Facebook. It was how the privacy framework was designed for Android that&#x27;s the issue. This will change in the next upcoming versions.

Their permission requests are outrageous. That&#x27;s why I refuse to install any apps from Facebook on my phone, and pollute my Facebook account with false personal data.<p>Fake news for fake data:)

Users need to be able to mislead the apps.<p>Right now, an app can force a choice: enable all the permissions, or you don&#x27;t get to use the app. Users need to be able to feed fake data into the app. For example, maybe Facebook should think I am spending my time with Bill Gates in Bhutan. Users should be able to install dishonesty plugins to generate this data.

I already suspected this due to getting more posts from my friends based on who I texted, and they were Android users. It&#x27;s fucking annoying. Also, using the same wifi network leads to getting friend suggestions

I really don&#x27;t get why people use the fb app. It drains your battery and privacy, not to mention the notifications. I use web app only.

Is this possible with IOS? Or for people who have never shared their contacts with Facebook?

What has changed at facebook to create all this negative feedback?

Google is as much to blame here as Facebook is. It shouldn&#x27;t have allowed apps with &quot;contacts&quot; permission to scrape sms &amp; call logs. I hope both of them are held accountable

This is completely unsurprising. The question is whether they should be allowed to keep that data.