After the Cambridge Analytica scandal piqued public panic last week, Facebook is again coming under fire for another user data issue.
After the above news broke, Twitter user Dylan McKay published a screenshot detailing a particularly interesting set of data: a log of the outgoing, incoming and even missed calls he had received for two years.
No ad to show here.
He made the discovery after downloading his Facebook data (You can download your own Facebook data right here).
“Downloaded my facebook data as a ZIP file,” McKay writes. “Somehow it has my entire call history with my partner’s mum.”
Downloaded my facebook data as a ZIP file
Somehow it has my entire call history with my partner’s mum pic.twitter.com/CIRUguf4vD
— Dylan McKay (@dylanmckaynz) March 21, 2018
This thread goes on for quite a while — detailing how even his grandmother’s Facebook had logged calls — but it’s totally worth a read.
Facebook and Android permissions
McKay explained that he had Facebook’s app installed on and off and the Messenger app “for years” on his Android 5.1 Lollipop device.
There’s no granular app-level post-installation permission controls on that particular version of Android. And said controls are even more vague and hidden the older your version of Android. Only from Android 6.0 Marshmallow does your phone asks you to confirm a permission when an app explicitly needs to use it.
So if Facebook upon installation in an older version of Android wants access to your contacts and you don’t notice it, it can help itself.
iOS has had granular permission toggles from as early as 2013, but its not clear if iOS users also have this issue.
It’s also not clear if and how Facebook’s other apps — WhatsApp and Instagram — play a role in gaining call and messaging data.
The company has since quelled suggestions that its snooping on users without their consent, noting that the feature is wholly “opt-in” in a “fact check” blog post.
“Call and text history logging is part of an opt-in feature for people using Messenger or Facebook Lite on Android,” it writes.
“This helps you find and stay connected with the people you care about, and provides you with a better experience across Facebook.”
Here’s the kicker:
“People have to expressly agree to use this feature,” it expressly expresses.
“If, at any time, they no longer wish to use this feature they can turn it off in settings, or here for Facebook Lite users, and all previously shared call and text history shared via that app is deleted.”
Facebook reminds that it gives users “the option to continuously upload your contacts as well as your call and text history”.
“On Facebook Lite, the options are to turn it on or ‘skip’. If you chose to turn this feature on, we will begin to continuously log this information, which can be downloaded at any time using the Download Your Information tool,” it continues.
And if you don’t want the company to continue the above practice on your device, “you can easily turn this feature off in your settings,” it adds.
“You can also turn off continuous call and text history logging while keeping contact uploading enabled. You can also go to this page to see which contacts you have uploaded from Messenger, and you can delete all contact information you’ve uploaded from that app should you choose.”
While you can disable the feature on Facebook, and the company claims that there is a way to delete the logged call data it holds, it’s not clear if said data is removed immediately.
Either way, even if it isn’t criminal, it remains extremely creepy.
How can you avoid this?
If you’re running Facebook on a version of Android older than 6.0 Marshmallow, delete the app (or Messenger or Facebook Lite) and reinstall it (if you absolutely have t0).
Upon installation, be sure to prohibit it from accessing your calls and messages when asked, or use a third-party Facebook wrapper.
To be completely safe, you can also log into Facebook through a web browser, instead of using the app. Go with something like Firefox Focus or Brave — the former deletes all browsing data upon exiting, the latter has excellent ad blocking features.
The negative is that you’ll have to log in every single time you want to access Facebook, but at least you won’t forget your password.
The positives? Facebook will no longer know when you’re sleeping, awake, bad or good.
H/T: Ars Technica
Feature image: Facebook