Facebook sinks into scandals: SMS and call data leaked from Androids

Another Facebook scandal on the rise. Has Facebook been gathering personal users' data on Android devices without permission?

Facebook collected SMS and call data from Android users

What do ads in Washington Post, the New York Times, the Wall Street Journal and other UK papers[1] – mean for an apology if Facebook gets mixed up from one scandal to another? With the Facebook's Cambridge Analytica scandal[2] not over, the community is arousing again. Prompted by the infamous data breach, many people downloaded a copy of Facebook data about themselves.

Based on people's reactions, the results many of them found were worrisome. It turns out that by signing in to Facebook on with your smartphone, it might record call and SMS data. This applies to Android devices only. Here's a couple of posts found on Twitter:[3]

Oh wow, my deleted Facebook Zip file contains info on every single phone cellphone call and text I made for about a year.

Somehow it has my entire call history with my partner’s mum.

While the personal data stored does not contain personal information and does not store the context of SMS messages, some people found calls being recorded for several years, while the others were shocked by finding that only the communication with one particular family member has been analyzed for years.

Facebook admits it collects data on Android devices

As a response to the new rising scandal about data collection on Android smartphones, Mark Zuckerberg, the creator and leader of the Facebook social network, released an official report in Facebook's newsroom called “Fact Check: Your Call and SMS History.[4]

The company does not claim that it did not gather metadata of its Android users' calls and SMS. However, its spokesperson claims:

You may have seen some recent reports that Facebook has been logging people’s call and SMS (text) history without their permission.
This is not the case.

People are reassured that the call and text history has been gathered from those Android users who permitted to do so. For the first time the user downloads and installs Facebook app on an Android device, he or she is asked for permission to access contacts list, SMS, and call history.

For Messenger, you can either turn it on, choose ‘learn more’ or ‘not now.’ On Facebook Lite, the options are to turn it on or ‘skip.’ If you chose to turn this feature on, we would begin to continuously log this information, which can be downloaded at any time using the Download Your Information tool.

Although the question whether digging up in people's SMS and calls for improving Facebook's friend recommendation algorithm is normal practice or not is debatable, it seems that this time Facebook is going to get out dry.

Facebook's permission request could be more explicit

Privacy's security in priority. Just like Zuck said on its official apology for the Cambridge analytical scandal

We have a responsibility to protect your information. If we can’t, we don’t deserve it.

However, it seems that it's a common practice for tech giants to collect such as information and use it for service improvements. Facebook says that “it's a widely used practice to begin by uploading your phone contacts.[5] The data is used anonymously to improve the Facebook's friend recommendation algorithm by identifying which of the contacts are true friends and which are, for instance, colleagues.

While in 2015 and 2016 the earlier Facebook's versions installed on Android and Facebook Lite devices did not require for permission to gather data explicitly, the recent versions contain a “continuously upload” button, which is an explicit request to users for access to call logs and SMS logs on Android.

The evidence shows the opposite

Facebook's Android SMS and call scandal is currently being investigated, but the two confronting sides are taking their positions. While Facebook proves that the user provides permission to access contacts and SMS/call logs, some researchers claim that they found their SMS and call data collected for more than a year even if they do not have Facebook's messenger installed on any Android device.

In my case, a review of my Google Play data confirms that Messenger was never installed on the Android devices I used. Facebook was installed on a Nexus tablet I used and on the Blackphone 2 in 2015, and there was never an explicit message requesting access to the phone call and SMS data. There is call data from the end of 2015 until late 2016 when I reinstalled the operating system on the Blackphone 2 and wiped all applications.

Facebook swears it does not sell contacts, SMS logs, call history

We never sell this data, and this feature does not collect the content of your text messages or calls.

There's no evidence that Facebook would have been able to collect the content of the SMS or other personal information. As the company points out, with the data collection feature enabled on Android devices, the company is capable of examining when the user usually receives calls, what are his/her responses, and similar. However, the feature does not allow collecting the exact content of the SMS or calls.

Besides, it stresses the fact that each Facebook's user is required for permission to gather data and it's up to you whether you want to disclose it or not. The most important part here is to read the terms before installing apps or permitting them to do the thing on your devices.

About the author
Alice Woods
Alice Woods - Shares the knowledge about computer protection

Alice Woods is a security expert who specializes in cyber threat investigation and analysis. Her mission on Ugetfix - to share the knowledge and help users to protect their computers from malicious programs.

Contact Alice Woods
About the company Esolutions


Read in other languages