back to article 'Facebook takes data from my phone – but I don't have an account!'

Anyone who uses the Facebook phone app knows what a toll it can take both on your mobile data and free time to be plugged into the social network through your device. But what happens if you don't even have an account, you can't remove the app, and the social network won't leave you alone? That's a problem facing folks around …

  1. Anonymous Coward
    Anonymous Coward

    Hidden .facebook_cache folder

    Started to noticed a hidden .facebook_cache folder containing journal entries. That never happened before! Note, we've never used Facebook... My SO is forced to use WhatsApp for work though.

    1. Anonymous Coward
      Anonymous Coward

      Re: Hidden .facebook_cache folder

      Where is it? I do have WhatsApp but I don't have any FB app installed, and I can't find it.

      1. Anonymous Coward
        Anonymous Coward

        'Where is it?'

        What's the path to this folder, you mean?

        Its located in the root of 'Internal Storage', right next to the default location for DCIM (photos / videos). Connecting the phone to a PC via USB shows the folder. Its not visible on the phone otherwise, due to the period at the start of the filename.

        The folder along with its files are getting created periodically, possibly around the 3rd week of every month (now)... What's in the files? No idea, they're encoded. What are the filenames? They're mostly obscure but two of them end in 'unknown', and the only other standout one is called 'Journal'...

        Anyone else seeing this? .... Any idea what these are? This phone has never had Facebook ever. Its Android v4. Every single slurpable app has been long disabled, except WhatsApp... Which was side-loaded earlier this year...

        1. Tony Paulazzo

          Re: 'Where is it?'

          WhatsApp

          If it's owned by Facebook, and you use it it, so are you...

          https://en.wikipedia.org/wiki/List_of_mergers_and_acquisitions_by_Facebook

          1. Anonymous Coward
            Anonymous Coward

            'If it's owned by Facebook, and you use it it, so are you...'

            Sadly, lots of workplaces are too useless to have proper infrastructure and so rely heavily on Gmail / Google-apps and WhatsApp etc. Especially educational institutes. Consider yourself lucky / free to escape this kind of oppression! But make sure you're not friends or have family linked to anyone in this situation sharing your cellphone / email with Suckerberg, or you're info is being hoovered up in Shadow Profile data too!

            1. JohnFen Silver badge

              Re: 'If it's owned by Facebook, and you use it it, so are you...'

              " lots of workplaces are too useless to have proper infrastructure and so rely heavily on Gmail / Google-apps and WhatsApp etc. "

              Mine is one of these (except WhatsApp). So what I do is use them -- but only on company computers, and only for company business.

              I don't allow any of my personal machines or devices to communicate with company equipment or services.

            2. StargateSg7 Bronze badge

              Re: 'If it's owned by Facebook, and you use it it, so are you...'

              Luckily, I don't have this issue since we have OUR OWN Android OS which we rebuilt from SCRATCH which redirect's all IP requests and file open/save requests to sandboxed files which we can examine at ANY time to see where there are going and what is being saved.

              In a CUSTOM version of Android you just redirect ALL file open/write/read/close requests and ALL IPV4/V6 data rads/writes to custom memory locations and REMAP storage requests to custom files which can be moved and/or examined and/or deleted at any time!

              Any APPS we install will work as normal and since we even create our own version of JAVA/JS where we can ENSURE everything such as location data, hardware and BIOS access is simply STRIPPED OUT or redirected...It's actually not that hard to do and once your codebase is set you only need to update it whenever a new version of Android comes out.

              Yes! A "normal" company would NOT do that but since we ARE NOT a normal company, we have the coders and hardware tech engineers and gurus who can do stuff like that! We STILL use Facebook and many applications BUT it's on OUR TERMS ONLY since WE rewrote the Base Android OS, teh phone BIOS and the JAVA JIT engine AND the HTML5 browser engines from SCRATCH !!!

              1. Jamie Jones Silver badge

                Re: 'If it's owned by Facebook, and you use it it, so are you...'

                Who are "you", and where can we get your OS?

                1. Charles 9 Silver badge

                  Re: 'If it's owned by Facebook, and you use it it, so are you...'

                  And what do you do when you need to use an app that won't work unless the custom OS is signed by Google?

                  1. dbtx Bronze badge

                    I've no such problem yet but I suppose that I would duly forsake that God-forsaken app, and refuse to use it

        2. Anonymous Coward
          Anonymous Coward

          Re: 'Where is it?'

          I vaguely remember with Win95 with some form of early malware that would either create a file in the Windows directory.

          The way to prevent it was to create a folder with the same filename (complete with .EXE at the end) as the malware. The idea was that you can't overwrite a folder with a file, and so was safe.

          Not an Android person, but wonder if you deleted that folder and created a file with the same name it would bugger things up for FB?

        3. anothercynic Silver badge

          Re: 'Where is it?'

          Can you modify its permissions? :-)

      2. Jamie Jones Silver badge

        Re: Hidden .facebook_cache folder

        Try "sqlite3 dump <filename>" - (but not on the journal files)

        1. Anonymous Coward
          Anonymous Coward

          'Try "sqlite3 dump <filename>"

          Have Win7/Mint on Desktop. Steps for easy install of sqlite3...?

          1. onefang Silver badge

            Re: 'Try "sqlite3 dump <filename>"

            "Have Win7/Mint on Desktop. Steps for easy install of sqlite3...?"

            Dunno about Win 7, I don't have one of those handy, and even for Mint I'm just guessing, I don't want to turn on my test Mint system just to look that up, but try this on Mint -

            apt-get install sqlite3

            Or try searching for it in what ever package manager you use on Mint, it'll be there. It might even be installed already, it's a common dependency for Linux packages.

            1. Jamie Jones Silver badge

              Re: 'Try "sqlite3 dump <filename>"

              Let us know if the mint suggestion worked!

              meanwhile, on mint, type "file FILENAME"

              that should show you what type of file it is, even without sqlite3 installed.

            2. Anonymous Coward
              Anonymous Coward

              'Let us know if the mint suggestion worked!'

              UPDATE:

              Thanks for the debugging suggestions guys. It seems I had Sqliteman installed for phonebook backups. However it didn't recognize the files. But File <filename> returned 256 x 256 PNG. Turns out they're thumbnails, like little Google-maps.

              CONCLUSION: Looks a lot like 'Location' Tracking-Data.

              Location Services are fully off, but of course on Android-4, there's no permissions. So WhatsApp could be logging cellphone towers like Google was caught doing recently.

              Interesting stuff, but terrifying too, if it turns out to be true. Will keep an eye in coming months and post again under the same original post title if things go down-the-rabbit-hole much further...

              1. Jamie Jones Silver badge

                Re: 'Let us know if the mint suggestion worked!'

                Please ping me if you have an update, or want to investigate further. I'm unlikely to notice any replies to this topic in the future (sucky El reg forums - how on Earth do people track replies on here?)

                The "-journal" ending implied to me it was sqlite3, but they were images.. Hmm. maps of your location?

                I don't have access to an android *phone* so can't check, but I can comfirm that at least until android lollipop you could grab the wlan mac, and the host mac on a tablet even without being granted the privileges "needed", so nothing would surprise me ( https://forums.theregister.co.uk/forum/containing/3520637 )

                Of course, the host mac is good as a unique id (if the 'official device unique id' is denied)

                Also, the wlan mac can be used to track you from their big database of snarfed wlan mac address.

                Incidentally, I worked out how to do this after accidentally stumbling on an app that had my precise location in it's config/data file - despite me never authorising it, or even having GPS (not really much point on a TV box!)

                Even some apps from "reputable" companies do this - it appears that the ad brokers follow no rules when it comes to what they'll try and grab... Don't they know unauthorised access is a crime?

                1. Anonymous Coward
                  Anonymous Coward

                  Re: 'Let us know if the mint suggestion worked!'

                  "my precise location in it's config/data file"

                  Any particular format? Presumably something fairly compact (in "number of bytes" terms)?

                  "The "-journal" ending implied to me it was sqlite3, but they were images.. Hmm. maps of your location?"

                  If, hypothetically speaking, I wanted an app to unobtrusively track someone's location, periodically saving/uploading a harmless-looking image (*NOT* something that looks like a map) with the location data hidden in the image using steganography or similar, for later analysis, might be an interesting approach.

                  Are there any samples of this 256x256 PNG file ? Has anyone looked at the actual contents?

                  1. Jamie Jones Silver badge

                    Re: 'Let us know if the mint suggestion worked!'

                    I'm getting confused - there seem to be 2 different anons posting here!

                    The format... It was just grid coordinates in text, not hidden.. It was part of a json or something. I've blocked all these ad slurpers on my router now.. .I'll see if I can find an example....

                  2. Jamie Jones Silver badge

                    Re: 'Let us know if the mint suggestion worked!'

                    Interesting idea, though location data can be transfered in 4 bytes.. It would be pretty easy to hide that somewhere, without uploading an image... Uploading an image would set my alarm bells off immediately! Have they got control of my camera?!

                    Ok, I found this. I wrote a script that deletes all the spying data files, but this is obviously one I missed:

                    44 -rw-rw---- 1 u0_a194 u0_a194 43043 Aug 27 2016 /data/data/air.SpaceZombies2/shared_prefs/Appodeal.xml

                    Look for "Appodeal.xml" in the shared_prefs folder of any app (you'll need to be root though)

                    This is a 43K file, starting off like:

                    <?xml version='1.0' encoding='utf-8' standalone='yes' ?>

                    <map>

                    ap>

                    <string name="banner">{&quot;status&quot;:&quot;ok&quot;,&quot;ads&quot;:[{&quot;status&quot;:&quot;mopub&quot;,&quot;id&quot;:&quot;YktV,,, etc.

                    decoding it gives a json file, uploading variables such as:

                    gender:

                    alcohol:

                    smoking: (how the f??? does it know that?)

                    Interestingly, it's also hacked other apps and uploaded their unique ids that were given to me, including: "admob, applovin, chartboost, inmobi, mopub, smaato"

                    The worst is this URL listed:

                    "url":"http://soma.smaato.net/oapi/reqAd.jsp?adspace=130015622

                    \u0026apiver=415

                    \u0026bundle=air.SpaceZombies2

                    \u0026device=Dalvik%2F2.1.0+%28Linux%3B+U%3B+Android+5.1.1%3B+R68G+Build%2FLMY48G%29

                    \u0026devicemodel=rockchip+R68G

                    \u0026devip=88.109.36.106

                    \u0026dimension=full_320x480

                    \u0026dimensionstrict=true

                    \u0026format=all

                    \u0026formatstrict=true

                    \u0026gender=m

                    \u0026googleadid=6d7d7151-9edf-4085-aa19-67726fd7dd1c

                    \u0026googlednt=false

                    \u0026gps=51.65765765765766%2C-4.0371868876609485

                    \u0026iabcategory=IAB95

                    \u0026kws=puzzle%2Ctools%2Cadventure

                    \u0026mraidver=2

                    \u0026pub=1001000335

                    \u0026response=html"

                    All those details were accurate at the time - as I said, I don;t even have gps on here, but if you look at the "gps" field, if you threw a hand-grnade at those coordinates, you'd blow up my sofa! (OK, slight exageration, but it's the coordinates of the playing field opposite!)

    2. Anonymous Coward
      Anonymous Coward

      host file?

      Does Android have a host file that can be edited to misdirect all things Facebook?

      1. Steve Evans

        Re: host file?

        It does indeed.

        Although you will probably need root to get to it, and if you've gone that far you could either remove the FB app, or install a ROM that doesn't come pre-infected.

        1. CrazyOldCatMan Silver badge

          Re: host file?

          Although you will probably need root to get to it

          Which reminds me - I'm going to need to replace my OnePlus 3 soon (it's getting a bit flaky - rebooting at random intervals - both on a stock ROM and on the custom ROM I use) and so I want to replace it. Requirements are:

          2 SIM slots (I don't want to have to carry a 2nd phone for work)

          Must be rootable (bonus if a custom ROM is available).

          Doesn't have to have a headphone jack, would be nice to be at least splashproof and have a good camera.

          Any ideas? I thought that the Nokia 8 looked like a vaguely good bet but I don't know how long they support their phones..

          1. Waseem Alkurdi Silver badge

            Re: host file?

            If it were me, I would go for another OnePlus (maybe a OP5).

            That's the only thing that checks all the boxes and has some support.

          2. Alan_Peery

            Re: host file?

            Sounds like you should look at the OnePlus 6....

        2. Alan Brown Silver badge

          Re: host file?

          "Although you will probably need root to get to it,"

          If you don't want to root your android, then Blokada will do the trick nicely. It's available on the F-droid store (banned from Google for obvious reasons).

          Incidentally, Facebook aren't the only spyware bunch coming preinstalled/unreovable. Slimy spamhaus Linkedin has their app bundled with Samsung Galaxy 9 phones and it's also non-disablable.

        3. population density

          Re: host file?

          Regarding Facebook app on Android, if you download a file manager such as ES File Explorer you can then click on Apps and Uninstall.

      2. e^iπ+1=0

        Re: host file?

        Does dns66 help if the device isn't rooted? Sadly, I am without the problematic face* apps to test.

        1. Sir Runcible Spoon Silver badge

          Re: host file?

          Back when I used to use a smart phone, I seem to recall installing a local VPN app that created rules every time another app wanted to talk to someone. It gave you the option of denying the flow - so if you have s/ware you can't un-install you could always try blocking the data flow.

          1. tel2016

            Re: host file?

            NoRoot Firewall?

        2. ACZ

          Re: host file?

          I'd definitely suggest giving dns66 (https://github.com/julian-klode/dns66) a tryt - it'll set itself up as a VPN on your phone so all traffic is routed through it, and then just black-hole ad sites. Don't know whether the domains the FB app is talking to are blocked by it, but it's worth a try. If the problem app is installed as a system app then you might have to go into the dns66 "APPS" settings and toggle it to show system apps since dns66 is set up so that traffic from system apps is (by defaut) not re-routed.

          If using dns66 then you can also get it to use a chosen DNS server, e.g. an ad-blocking DNS server.

      3. Alumoi

        Re: host file?

        Yes, it does. But you have to be root in order to modify it.

        And while you're at it, install a firewall, an adblocker and nuke all the crap that comes preinstalled.

        AFWall+ and AdAway do wonders for your peace of mind.

        1. jaduncan

          Re: host file?

          You don't have to be root to modify DNS66, it works via a local VPN.

          1. Charles 9 Silver badge

            Re: host file?

            But does it also work on system apps which can operate under it? Or the baseline OS itself?

    3. JohnFen Silver badge

      Re: Hidden .facebook_cache folder

      "My SO is forced to use WhatsApp for work though."

      Then your SO is using Facebook.

  2. Anonymous Coward
    Anonymous Coward

    scurrilous scumbags surreptitiously stealing shit.

  3. thesykes

    If manufacturers want to sell their souls to Facebook, let them, but the app should be installed as a normal app, not a system one. Not only does that mean they can't be uninstalled, but, it wastes storage on old versions of the app sitting redundant, if they are used and updated.

    1. Dan 55 Silver badge

      It's money. If Facebook paid high enough, at least one manufacturer would make the FB app the default launcher.

      1. Voland's right hand Silver badge

        If Facebook paid high enough, at least one manufacturer would make the FB app the default launcher.

        I believe that was done at least once. I recall something called "facebook phone" being shown at MWC a few years back.

        1. StripeyMiata

          HTC First - https://en.wikipedia.org/wiki/HTC_First

          Was a massive flop for what it's worth.

      2. cosmogoblin
    2. Voland's right hand Silver badge

      Immediate kill in our house

      Any Android device is used only after Facebook has been killed with extreme prejudice.

      1. It has an abominable level of access to your phone - more than google's own apps. I have dumped the permissions in human readable format before - have a read: https://forums.theregister.co.uk/forum/containing/3518874

      2. It used to go into a tailspin without you having an account and use 100% CPU in some versions. So disabling it was a requirement if you did not have a f***book account.

      3. Even if you do not have an account some versions still register as attempting to talk to mothership in an app level firewall in Android. So it is guilty of data collection until proven innocent even if you do not have an account and/or have agreed to Facebook terms. That as we all know is a GDPR no-no. I am eagerly awaiting the end of this month to unblock the "not uninstallable" factory f***book app on my phone for 5 minutes and capture its data profile. If it will be what I would expect it to be the Minuteman will start a final countdown for a 4% Turnover GDPR nuclear strike.

      1. Anonymous Coward
        Anonymous Coward

        Re: Immediate kill in our house

        @Voland's right hand; "it is guilty of data collection until proven innocent even if you do not have an account and/or have agreed to Facebook terms. That as we all know is a GDPR no-no"

        Indeed. Let's please, *please* hope those pathologically-contemptious c***s get metaphorically (#) hit by the GDPR in much the same manner as Joe Pesci was at the end of "Casino".

        (#) No comment on the suspicion that there are some people out there who *would* be happy to see this happen more literally to Zuckerberg!

      2. Bavaria Blu
        Stop

        Re: Immediate kill in our house

        Sure the GDPR only applies to personally identifiable data? I am not sure what data Facebook could collect which would be useful assuming no one is logged in. Perhaps you could use aggregated phone location to estimate footfall for retail outlets?

    3. Anonymous Coward
      Anonymous Coward

      If manufacturers want to sell their souls to Facebook

      rotfl, they're selling YOUR soul, not theirs. And the fact that "the app is installed as a system app, not a normal one" is EXACTLY there so that it stays there and you, an average mug, can't just delete it because you heard something-something-privacy-issue. You know, this free shot you get? If you need to go out to find a dealer, it's a hassle and plenty of reasons to give up before you find one. But if it's there, RIGHT IN YOUR POCKET...

      1. JohnFen Silver badge

        Re: If manufacturers want to sell their souls to Facebook

        "they're selling YOUR soul, not theirs"

        True. Facebook (et al) has no soul to sell. Nor ethics, or even basic human decency.

    4. paulll Bronze badge

      Yes, that!

      I've a Samsung tablet that's perpetually low on storage. I have 800Mb-ish of programs that I've installed on it...and over 900Mb of pre-installed crap that I would like to delete, but can't.

  4. Timmy B Silver badge

    I wonder if the same phone unlocked has the software pre-installed too? I'm suspecting that this is down to sprint rather than LG

    1. Anonymous Coward
      Anonymous Coward

      Nope it will be the phone.

      I've always by SIM free and this sort of shit is always pre-installed.

      We can only hope the time of reckoning has come and that governments* around the world start fining them in the tens of billions, rather than the millions.

      *as recently demonstrated, the UK is not worth the tech giants time. I'm talking about ones that actually scare the organisations, not ones with as much bite as a dead goldfish.

      1. Anonymous Coward
        Anonymous Coward

        What Facebook app?

        I bought a new UK Android phone a few weeks ago. I previously had two network-independent and SIM-free Moto G II, (of the dual SIM kind), which didn't appear to have a pre-installed Facebook app.

        4G coverage in relevant areas is now much better than 3G (which was non-existent), hence I have upgraded to a behind the curve (ie affordably does what I need) Moto G 5S (sadly, single SIM - but the dual SIM was mostly because of poor coverage) phone, again bought as network-independent, again apparently no pre-installed Facebook app.

        What am I missing ? Is the FB app there in my phones but hidden, or what?

        (I don't speak FB or Android but on a good day can just about cope with Wireshark Classic, if that's any help).

        1. onefang Silver badge

          Re: What Facebook app?

          I dunno about the Moto Gs, but Motorola has a tendency to not put too much bloat on their phones. Moto Z doesn't have much bloat beyond a large amount of Google Apps.

          On the other hand, maybe what you are missing is carrier added bloat?

  5. Anonymous Coward
    Anonymous Coward

    Adventures in a NEW Android 6 Phone

    Thankfully the Facebook-App can be uninstalled, and the Facebook-App-Installer and Facebook-App-Manager CAN BE Disabled (on the one I have - Alcatel). You can also disable and de-permission every obvious Google app. But not MTKLogger / MTKThermal / Regulatory & Safety (jrdcom???). The System-Updater also can't be disabled. Its far harder to see what's running vs Android-4 too. You have to enable Developer-Options, then go there each time to view Running Services etc.

    However, after doing this, almost no functionality exists on the phone anymore unlike Android-4. You can't even view photos taken with the Camera. Planning to visit F-Droid soon to look for a Firewall to block the rest. Hopefully we can find less-slurpy App replacement too... Any recommendations folks??? Maybe there are enough replacement apps and we can block everything else that looks suspect. But overall, its a fucking joke...

    What a choice... This industrial Slurp or a Feature Phone. Thankfully Signal works ok. Had to be manually installed of course. Something like that would never be installed by default, unlike Gmail/Facebook. It has had to be side-loaded too, to get around not having Google-Play anymore. That means having to download it off Signal's website directly, and manually checking the download integrity by using Java Keytool along with a sha256 check.... Oh boy, what a world!

    1. Anonymous Coward
      Anonymous Coward

      Anyone ever test-drive these:

      1. Yalp Store – Play Store Apps without Google Account

      2. DNS66 – Block Ads, Trackers &Malware without Root

      -----------------

      https://www.digitbin.com/best-apps-f-driod/

      1. Captain Hogwash Silver badge

        Re: Yalp Store

        It's pretty good. Occasionally it won't log in with the fake credentials but I have a few apps not available directly or via F-Droid through it.

      2. slimshady76

        Re: Anyone ever test-drive these:

        I have been using dns66 for over a year now. Works great, and you can customize the block/exclusion list, or even add your own DNS servers. The only thing missing from it it's secure connection to DNS servers over HTTPS/TLS. Last time I checked there were a few folks on Github asking the developer to implement it.

      3. Robert Helpmann?? Silver badge
        Childcatcher

        Re: Anyone ever test-drive these:

        I was going to ask the same concerning the NoRoot Firewall. I am very curious to find out if something similar would be effective in the situation described in the article.

    2. Anonymous Coward
      Anonymous Coward

      Re: Adventures in a NEW Android 6 Phone

      Or you could just pay a little extra for an iPhone that comes with none of that shit pre-installed, and thus no need to waste your time on OS gymnastics.

      1. Vector

        Re: Adventures in a NEW Android 6 Phone

        Or you could just pay a little extra for an iPhone that comes with none of that shit pre-installed...

        Ah! So, sell your soul to Apple instead of Facebook. What a lovely plan.

        Of course, with Android there's Google...

        <sigh>

        1. Anonymous Coward
          Anonymous Coward

          Re: Adventures in a NEW Android 6 Phone

          Android sends a metric shit ton more data back to Google than iOS sends to Apple.

        2. Lomax

          Re: Adventures in a NEW Android 6 Phone

          Unlike: https://jolla.com

          Sailfish v3 has been announced, to be released Q3 2018.

      2. Anonymous Coward
        Anonymous Coward

        Re: Adventures in a NEW Android 6 Phone

        Apple is beginning to look like a paragon of virtue, aren't they? That's the advantage of hanging out in a bad crowd.

  6. JimmyPage Silver badge

    Pages rule (again)

    Do not buy a phone with any pre installed cruft on it.

    Yes, you can do all sorts of (warranty invalidating) things to remove it. But why *pay* for it in the first place.

    1. Anonymous Coward
      Anonymous Coward

      Re: Pages rule (again)

      That's a nice idea however there are very few options because these scumbags pay the manufacturer/operator to put them on.

      1. Anonymous Coward
        Anonymous Coward

        Re: however there are very few options

        If you insist on not buying a phone, but having a contract; yes.

        Otherwise there are plenty of places that will sell you a bog-standard <whatever> with stock Android and no cruft.

        1. Anonymous Coward
          Anonymous Coward

          Re: however there are very few options

          aaprt from of course the dreaded Google binary blob.

          No Google, I don't need Gmail, or Hangouts, or Photos or Play Movies, or Play Music or any other shit you think is "essential".

          If I want them, I'll install them.

          1. TRT Silver badge

            Re: however there are very few options

            In the shop, look interested and excited as you ask the salesbot what applications come preinstalled with the phone. Let them rattle off the list, demonstrating on screen as they go, then say with a disappointed "Oh.", "Well, I don't do any of that crap, and I don't want it preinstalled on my phone. Do you have one without all of that on it?"

            And when they say no, thank them politely and walk out of the door. You might want to ask them if they earn anything from sales commission at some point.

            1. Anonymous Coward
              Anonymous Coward

              Re: however there are very few options

              unfortunately, your vision of a punter / salesdroid encounter is just a vision, because in reality 99.9% just grab the shiny-shiny and even if the droid bothers to mention the slab comes with fb preinstalled, that 99.9% think or say: "oh, that's GREAT, how convenient, THANKS!"

              So, while I share the sentiment, it's got NOTHING to do with reality. And don't remember that the register and the readers and their views on privacy, while tthey / we count for, perhaps, 99.9% of views in this forum, are less than a 1% of that 1% of punters in the mobile phone shop, who MIGHT walk out because fb, etc.

            2. juice Bronze badge

              Re: however there are very few options

              Sadly, I'm not convinced that wasting the time of some poor sod on minimum wage at a british high-street shop is going to achieve anything - it's not like they're going to immediately ring up the handset manufacturer or Facebook to report that someone's been behaving like a douchebag!

              Back to the subject at hand, and I was mildly disappointed to see that my V30 (bought unlocked from CW on the aforementioned high street) came with Facebook pre-installed and un-uninstallable. As a business-orientated phone, I was rather hoping the built-in cruft would be kept to a minimum...

          2. CrazyOldCatMan Silver badge

            Re: however there are very few options

            If I want them, I'll install them.

            This is why custom ROMs are so good (if you get a good one) - none of them come with the Google stuff and so you can choose the level of Google ownership that you want - there's a GApps package to suit all sizes.

            I tend to start off with the minimum-sized one with Play Store compatibility and then add other stuff on as needed.

          3. Anonymous Coward
            Anonymous Coward

            Re: however there are very few options

            No Google, I don't need Gmail, or Hangouts, or Photos or Play Movies, or Play Music or any other shit you think is "essential"

            You're using a "free" Google operating system that by definition runs with full system privileges. Do you really think that uninstalling a couple of apps will stop the slurp?

    2. Steve Evans

      Re: Pages rule (again)

      I'm quite shocked to see how many phones come pre-infected with this. I'm a long time Nexus and Pixel owner, so I guess I've had a sheltered and uninfected life.

      It's been many years since I've allowed a FB app near my phone, I can't remember which update it was, but one of them pushed the permissions requests just a little too far and I said "nope".

      So far I've managed to survive with just a mobile browser (although FB actively detect and nobble the website from the built in Android chrome browser and try to force the app - you just have top get a bit creative and install another browser, or customise the user_agent tag).

      1. Kimo

        Re: Pages rule (again)

        Just pull down the Chrome menu and select "Request Desktop Site."

      2. Jeffrey Nonken Silver badge

        Re: Pages rule (again)

        "I'm a long time Nexus and Pixel owner, so I guess I've had a sheltered and uninfected life."

        ... Other than all the Google crud. And it's got all kinds of "keep you informed" alerts enabled. If you don't want your phone constantly telling you which celebrity is dating whom and who won various sports events, you need to go through a painful process of individually shutting down a crap ton of feeds.

        Fortunately neither Facebook nor WhatsApp seems to be installed here. Pixel XL here, with a Nexus 7 2nd gen and a now-broken Nexus 5x, all running stock. ... Well, except the broken phone, which doesn't run anything.

        1. Jeffrey Nonken Silver badge

          Re: Pages rule (again)

          At least you CAN disable the feeds, unlike that stupid search bar.

          1. onefang Silver badge

            Re: Pages rule (again)

            You can disable the stupid search bar to, install a different launcher. I've never seen these feeds though, even on my Google infested phones.

    3. Malcolm Weir Silver badge

      Re: Pages rule (again)

      You are not paying for it, you are receiving a discount/subsidy for it.

      Granted, the subsidy might be paying for stuff you don't care about (often things like storefronts and customer "assistance" that doesn't assist), but recognize that, all else being equal, installing stuff on new devices is a profit center for the sellers.

  7. werdsmith Silver badge

    As long as there is an underclass of chavvy thickos then faecebook will continue to thrive.

    I believe that the only people still using faecebook at the ilk of Jeremy Kyle guests but unfortunately there are a lot of them.

    1. Anonymous Coward
      Anonymous Coward

      "As long as there is an underclass of chavvy thickos then faecebook will continue to thrive"

      That's no way to speak about your parents.

      1. Kane Silver badge

        "That's no way to speak about your parents."

        Hello, Police? Yes, I'd like to report a murder I witnessed.

  8. Adam 52 Silver badge

    Computer Misuse Act 1990 s1:

    (1)A person is guilty of an offence if—

    (a)he causes a computer to perform any function with intent to secure access to any program or data held in any computer, or to enable any such access to be secured;

    (b)the access he intends to secure , or to enable to be secured, is unauthorised; and

    (c)he knows at the time when he causes the computer to perform the function that that is the case.

    Section (c) might be an issue, but a simple letter can easily sort that.

    1. Teiwaz Silver badge

      Computer Misuse Act 1990 s1:

      That's a UK statute (or whatever IANAL OCBB) FB have already shown their disdain for 'Her Majestys Government'.

      1. Adam 52 Silver badge

        Distain for politicians isn't distain for government and is a long way from distain for Her Majesty's courts and their friends in Interpol.

    2. TechnicalBen Silver badge
      Facepalm

      Misuse act...

      Sadly I suspect in a court of law, this big companies are big enough to convince the judge that it is not our computer any more...

      That or it's not a computer... it is a phone. [See icon]

      1. Adam 52 Silver badge

        Re: Misuse act...

        That's a good point, I'd forgotten that there's no case law on whether a phone is a computer yet.

        Does the Facebook app run on tablets?

        Of course if it's a phone then data stored on it must be communications, and accessing them without permission is what put those gutter dwelling slimeballs from the News of The World in prison.

        1. onefang Silver badge

          Re: Misuse act...

          I have Android installed on a partition of one of my computers, and Facebook apps, for testing purposes. I don't own any tablets, but I suspect the apps will run fine on them.

    3. Anonymous Coward
      Anonymous Coward

      What's the connection between Facebook and Kodi?

      Maybe if someone could somehow convince The UK Powers That Be that Facebook promotes the use and/or sale of Kodi-related things?

      The UK Powers That Be seem to have convinced the cops, trading standards, legacy media, etc, that anything Kodi-related is fair game (whereas flaming domestic appliances can be duly ignored by the authorities).

      Has anyone mentioned internet.org yet? Not just a facebook phone, a facebook Web.

      1984 had nothing on this. Nor Gilliam's Brazil, nor the original Max Headroom. This is the worst of all of them, and more. For what?

  9. Kreton

    Facebook firewalled?

    I use a free firewall on my phone, NoRoot Firewall and the Facebook app is blocked on wifi and mobile data but I don't know if it can pass data some other way. Does this come under the auspices of the information commissioner?

    1. TonyJ Silver badge

      Re: Facebook firewalled?

      @Kreton...ditto. And even though I have a phone with BTU firmware and no facebook app, it threw up a surprising number of hits for facebook...all of them blocked.

      1. TRT Silver badge

        Re: Facebook firewalled?

        There's a lot of webpages and the like that download social media icons from the originating company's servers. Honestly, a modern webpage is like shotgun blast on the resolver queries. With all the advertising, typefaces, style sheets, frameworks, javascript etc

  10. Zog_but_not_the_first Silver badge
    Big Brother

    Once again, it's NOT YOUR PHONE

    It's their phone.

    1. Crisp Silver badge

      Re: Once again, it's NOT YOUR PHONE

      If it's their phone then they can pay the bloody bill!

    2. Chozo
      Flame

      Re: Once again, it's NOT YOUR PHONE

      Some would call it aggressive market research,

      I call it for what it is, unwarranted surveillance.

  11. Shadow Systems Silver badge

    I'd root my phone...

    ...in the microwave. Fuck Zuck & his ilk, it's *my* property & *I* will determine what runs on it. If I don't want a (anti) social media application on it then it doesn't get to be installed. If it's already there then I get to remove it. Don't like it? Tough fuck, it's mine. I'll rip that fucker out by the roots, salt the Earth, & pour acid over the ground to make sure that weed never takes root ever again. If I can't root my own damn phone then I'll toss the fucker in the microwave for 99:99 & cackle at the explosion. Then I'll go out & replace it with either a device I *can* root or a complete burner phone that can't run apps at all. Either way FartBook/InstaScam/Twatter/etc won't be installed on it & those nosey bastards can go fuck each other with an AI-ML-"deep packet inspection" routine.

    *Cough*

    Sorry for the rant & vitriol, but I very recently tried to buy a SmartPhone & was told that the (anti)social media apps could not be carrier removed. "Those are part of the phone, we can't remove them." Even if the customer specificly requests that they be removed as part of the device's sale? "Sorry, we're not allowed." Fine, then I'm not allowed to buy the device. I'll vote with my wallet & my wallet says that you can just go fuck yourself with that device. I tried other carriers & was told the same thing in so many different words. If I wanted the phone then I *had* to buy the apps that were part of the software loadout. They couldn't & *wouldn't* help me uninstal said apps "since that causes issues with updates". Bullshit. Fewer apps means an *easier* update, not a more difficult one. "You could try a third party ((Chinese)) vendor for a rootable phone!" Yes, but then I can kiss goodbye to any vendor supplied updates & thus rely on a *fourth* party software vendor for support. As if it's not already hard enough to get the device maker to support their own damned devices, now I've got to wait for someone else to update it instead? Yeah, that's not a recipie for disaster.

    *Sigh*

    Just one more reason I use a feature phone. No apps to keep up to date, to become security holes that suck out my private data, & that can't be uninstalled because the manufacturer decided to squeaze a bit more blood out of that stone. Just a phone that makes/takes calls, text messages, & is smart enough to have a built in screen reader for the blind. It'll have to do. =-\

    1. Charles 9 Silver badge

      Re: I'd root my phone...

      "Just one more reason I use a feature phone. No apps to keep up to date, to become security holes that suck out my private data, & that can't be uninstalled because the manufacturer decided to squeaze a bit more blood out of that stone. Just a phone that makes/takes calls, text messages, & is smart enough to have a built in screen reader for the blind. It'll have to do. =-\"

      Guess what? Facebook is in feature phones, too! Don't believe me? Try a country in southeast Asia like the Philippines.

  12. Aristotles slow and dimwitted horse Silver badge

    But but but...

    But at what point, when you chose a phone with an O/S created by the biggest data slurper of them all did you stop to think that, just maybe, data slurpage might be an issue? I do have sympathy, but it seems a little disingenuous to knowingly choose an Android phone and then moan that your data is being surreptitiously gobbled up by Facebook and Google et al.

    Not that my IOS device is any different I guess. I think we all fu**ed.

    1. Packet

      Re: But but but...

      I believe you don't have this issue with iOS - the Apple privacy policy is rather a welcome read:

      https://www.apple.com/privacy/

  13. Kevin Johnston

    Maybe not a popular choice but...

    I bought a BB Keyone SIM-free as I have real problems typing on the virtual keyboard of most phones and having read the article and comments I decided to do a check. With the phone connected to a PC to reduce the places to hide I was unable to find any reference to Facebook so there is at least one option out there.

    The shame is you cannot check things like this before you buy the phone and it is becoming ever more needful.

    1. Bronek Kozicki Silver badge

      Re: Maybe not a popular choice but...

      I also checked my BB keyone (I also cannot use a touch keyboard and prefer real one) - no trace of Facebook aside from WhatsApp. I remember installing it for communication with work colleagues, so it is not as if I can blame someone else. Thankfully I no longer need it, so it has been just removed.

  14. alain williams Silver badge

    GDPR violation ?

    Your phone is *your* phone so it is personal information. Grabbing location/... data is taking personal information. Did you consent to this ? If not then it is illegal.

    There need to be prosecutions.

    1. heyrick Silver badge

      Re: GDPR violation ?

      "There need to be prosecutions."

      Indeed there should be, but given how Safe Harbour was ruled invalid and replaced by some extra words that mean bugger all, I won't hold my breath.

    2. Alumoi

      Re: GDPR violation ?

      Your phone is *your* phone so it is personal information. Grabbing location/... data is taking personal information. Did you consent to this ?

      Yes, you did consent. Remember that first setup after unboxing your phone? When you had to accept all those agreements in order to be able to use your property?

      Oh, you didn't read them, just pressed next, next, next, agree.

      Did you even notice there are a lot of links to websites that have another shitload of legalese explaining why you must agree to sell your firstborn in order to use the phone?

      1. heyrick Silver badge

        Re: GDPR violation ?

        "Yes, you did consent."

        No, you didn't.

        1, The fact that Facebook pillages your personal data is likely not disclosed in any of the agreements. It'll be some generic legalese mentioning "our partners" which fails to say what, who, and why.

        2, If there is no option to disable the collection of data, it isn't valid to imply "informed consent" because there is no mechanism to grant or revoke said consent.

        3, In this juridiction, even though it is never enforced, all those terms that you "agree to" are utterly meaningless. Why? Because it is something (usually a restriction or somebody granting themselves permission that you would not knowingly grant) that appears after purchase.

        4, In a good few cases, YOU never even agreed. In order to claim a service charge for helping with setting up the device, the rep in the telephone shop will unwrap the phone, install the SIM, power it up, tap through all the agreements, then check the device is registered with the network (and charge you for it). [1]

        So, yes, I'd like to see this nonsense tested in court. And I mean a real court, not an American one.

        1 - My S7 is the first phone that I tapped on the agreements myself (it's my fourth Android). I made it quite clear that if there was a Facebook app built in that could not be disabled, I was handing the phone back. She didn't know. Her S7 had it but she didn't know if it was built in or if she installed it. So she went to check another and by the time she came back I'd already fitted the SIM, so she just let me do all the rest and - hey - no stupid charge and no baked in Facebook.

        I'd like to believe the news of recent months would have more people refusing devices with Facebook, but when I glance at people using their phones at work I see the same distinctive bluish layout on each of them... Oh well...

        1. Alan Brown Silver badge

          Re: GDPR violation ?

          5: If you disable an app, and it somehow manages to reenable itself AND install the updates you'd removed, then that's an arguable explicit removal of consent that they just rode roughshod over AND unauthorised modification of your pocket computer that just happens to make phone calls too.

          Forget going after Facebook. Just go after the manufacturers and watch how fast updates start coming out.

      2. JohnFen Silver badge

        Re: GDPR violation ?

        Those agreements may (or may not, I don't know) be considered consent by the law, but they are certainly nothing remotely like consent in practical terms.

  15. RFC822

    BK Package Disabler

    On a Samsung handset, you can use BK Package Disabler (available in the Play Store) to disable all the various bloatware (Facebook included).

    Doesn't require root and only cost a couple of quid.

    (I have no affiliation, etc, etc)

  16. Anonymous Coward
    Anonymous Coward

    'handset are transmitting mysterious information in the background back to Facebook's servers'

    What tool is used to capture this background feed on a cellphone? Or is it inferred though Wi-Fi router logs etc, if phone is tested that way. Anyone know? I'd like to repeat this test myself. Is there a mobile Wireshark etc?

    1. Anonymous Coward
      Anonymous Coward

      'Is there a mobile Wireshark etc?'

      No Android Wireshark, but anyone ever tried one of these?

      https://techwiser.com/wireshark-alternatives-for-android/

    2. Adam 52 Silver badge

      Re: 'handset are transmitting mysterious information in the background back to Facebook's servers'

      I put a WiFi access point on an old fashioned Ethernet hub and run wireshark from a PC on the same hub.

      That's not going to work forever but my new gigabit switch allegedly has a packet trace function, haven't tried it though.

  17. Julian 8

    I would root my phone and remove this and some of the other "system apps" that I do not want, however I still want to use my banking apps and as soon as I root they stop

    I have a 2nd phone which is rooted and has all the various xPosed and cloakers, but while some worked for a bit (except BarclayCard), when I currently try them the all fail.

    I have even asked that they add a "I accept this phone is rooted and any losses caused by this phone will not be covered by <name of bank here> and I am responsible"

    I also pointed out that on an older phone running an old Android (4.4) it was probably so bad that it being unrooted and running a banking app was possibly worse than a newer root android version

    No answers on any of those

    1. Spanners Silver badge
      Big Brother

      @Julian 8

      Puts one back in mind of old left wing paranoia...

      Banks and corporations sticking together in the best "capitalist exploiter" tradition

    2. Pat 11

      If you're up for rooting you're probably up for community ROMs which will not usually have this crap in. Some ROMs also have microG GMScore (https://forum.xda-developers.com/android/apps-games/app-microg-gmscore-floss-play-services-t3217616) which allows you to dispense with Google Play Services. You can be rootless in this scenario and still use your banking apps.

      1. Charles 9 Silver badge

        Not necessarily. Root-aware apps are usually also custom-aware apps, and from Nougat on, dm-verity is strictly enforced.

    3. Dan 55 Silver badge

      Banking apps are pretty bad themselves when it comes to permissions.

      Doesn't the mobile website work?

    4. CrazyOldCatMan Silver badge

      I still want to use my banking apps and as soon as I root they stop

      The Nationwide app is quite happy to run on my rooted OnePlus 3..

      1. Anonymous Coward
        Anonymous Coward

        "The Nationwide app is quite happy to run on my rooted OnePlus 3"

        I'm pleased to say that the Nationwide app doesn't ask for any naughty permissions and relies on good old 2FA for the stuff I told them. Unlike the TSB app which I will not allow on my phone. Currently as a new customer (guess why) I am rather impressed with their security and their IT, I just hope someone isn't about to tell me not to be.

  18. Anonymous Coward
    Anonymous Coward

    Who knows what the software is collecting and sending back to base?

    One supermarket around here (in order to avoid lawsuits let's call it Carrefive) used to had an interesting system to get customers to join their credit card program: when you paid at the cashier they ask if you were going to pay with the Carrefive card. When you answered cash or another credit card somehow they would summon a lady who would try, very insistently, to make you join their card program.

    After this happening to me five, six times in a row, I've asked them to stop it, not because it was annoying but because it was pointless since they tried several times in a short interval and I wasn't interested. I guess they stopped because I was polite and smiling all the time while explaining that it was annoying.

    Back to Facebook: maybe they're monitoring you because you have a cell phone and is not a Facebook user? Some marketers are probably scratching their heads thinking about what to do. They'll send the goons soon.

    1. Captain Hogwash Silver badge

      Re: They'll send the goons soon.

      I prefer the personal touch you only get with hired goons.

    2. JohnFen Silver badge

      Re: Who knows what the software is collecting and sending back to base?

      "They'll send the goons soon."

      At least goons are upfront and honest about what they're doing.

      1. onefang Silver badge

        Re: Who knows what the software is collecting and sending back to base?

        And the hired goons wont be too upset if you send them back with a black eye. It's all part of the way they do business.

        Though usually I just let them bruise their fists on me while I glare at them, until they give up and go away. Or my personal favourite if someone attacks me with a knife, I take it off them, hand it back to them, and say "here try again, that was the first lesson". Only once has anyone found out what the second lesson is.

  19. John G Imrie Silver badge

    There are two groups of people that can't use Facebook ...

    according to Facebook's T&C's the under 13's and those on a sex offenders register. Is Facebook slurping their data as well?

    1. spireite

      Re: There are two groups of people that can't use Facebook ...

      Thats a different kind of slurping right there!!

    2. Voland's right hand Silver badge

      Re: There are two groups of people that can't use Facebook ...

      according to Facebook's T&C's the under 13

      That is a regurgitation of a specific USA law which has no legal standing in Europe.

      Every European country has different definitions of age of consent, age of criminal responsibility as well as sometimes various additional ages/permissions you need to comply with.

      Nearly all of them are NOT 13.

      In most cases we are looking at 16 with a couple of countries being on the extreme of 18. Providing a service which involves processing personal data to anyone younger than that without explicit parental consent (in some cases of BOTH parents) in writing is illegal as per the laws of the countries in question.

      This is one thing for which F***book, Google and other slurps should have been taken to the cleaners long ago. It is an open and shut case and they should have been found criminally liable and dealt with.

      Unfortunately, in most countries the DPA is either in their pocket or sleeping at the wheel. Even when it is related to "thinking about the children".

  20. LucreLout Silver badge

    3 more days people

    Then we can have at them with the GDPR fine backed subject access requests.

    Pretty please, whether you have an account with them or not, send a request on GDPR day and lets sink them under the weight of fines and paperwork.

    1. VinceH Silver badge

      Re: 3 more days people

      ^ This.

      I've mentioned before that in my new (mostly unused) Facebook account, there are things (apps) listed in my advertising prefs that they really shouldn't know about - sourced from my phone. I do not have the Facebook app, nor Whatsapp, or any other Facebook crud on it, so something *else* has got that info to them. If I do the 'download your data' thing, there is no mention of those apps (it doesn't include your account settings, so no advertising prefs are included) - so I'm hoping a Subject Access Request might yield the mystery source.

      (I do have a suspicion as to that source - and if I'm right, the ultimate blame lies with WileyFox and an update).

      1. Dan 55 Silver badge

        Re: 3 more days people

        Wileyfox/Yandex Zen?

        1. VinceH Silver badge

          Re: 3 more days people

          I'd forgotten all about Yandex Zen - I found out how to disable (or at least hide) it soon after it appeared. Looking now, I can't see any trace of it anywhere; I note the phone is on Android 7.1.2 so I wonder if WileyFox removed it in that update? If they did, it rules out Yandex Zen because I triggered a very brief change in the apps that show up in my ad preferences on Facebook a couple of weeks ago when experimenting.

          But if not - if it's still there and I'm just not seeing it - then that could easily be the real answer.

          My actual suspicion was TrueCaller - another piece of absolute crap that appeared in the same update as Yandex Zen, can't be disabled, and replaced a perfectly good contact manager/dialler.

          Its privacy policy contains this gem:

          "By accepting the TrueCaller Privacy Policy and/or using the Services you consent to the collection, use, sharing and processing of personal information as described herein."

          However, since it was foisted on WileyFox owners with no real choice (short of rooting phones and dealing with it that way), there is no option but to consent. Further down, it says:

          "When you install and use the Services, TrueCaller will collect personal information from you and any devices you may use in your interaction with our services. This information may include e.g." followed by a list that includes "applications installed on your device".

          There is a new privacy policy coming into force on (you guessed it) 25th May - and in the installation and use section, it still says the same.

          Under the circumstances, I can only read it as "Since you use a phone on which TrueCaller has been forced on you, TrueCaller will collect..."

  21. Dabooka Silver badge
    FAIL

    Swing and a miss

    Do they actually think people believe this twaddle?

    Ensuring the most up to date version? Surely that would be better accomplished by allowing users to install the app direct from the store on the day they want it? Pre-installing something is a guaranteed way of making sure it ships without the most up to date version.

    Bell ends.

  22. Christoph Silver badge

    "Facebook insisted to The Register that no personal info is being trafficked, only things like the operating system version and device type that Facebook uses to keep the app updated."

    If the app is installed it will automatically update itself to the latest version.

    "By having Facebook apps pre-installed, we ensure people have the latest version of the application installed on their device"

    They have to have the app pre-installed as that's the only way they can be sure it's the latest version.

    Would Zuckerberg care to explain the direct contradiction between those two?

    1. Stoneshop Silver badge
      Big Brother

      Updates

      Would Zuckerberg care to explain the direct contradiction between those two?

      You are not supposed to understand this, peon.

  23. sawatts

    Battery Draining and Unstoppable

    I had to uninstall all Facebook apps from my phone last year - for the second time. Fortunately they where not part of the OEM installation, so I could do this.

    The reason was that, even if I didn't use these apps, they drained my battery by midday. Without them I get a clear day off a full charge.

    What was particularly unacceptable was that even if I force stopped these apps - when trying to keep some battery life for emergencies - they kept restarting. At this point it became a liability, risk, and safety issue to have them installed - regardless of their covert data slurping shenannigans.

  24. jonha

    Unlock bootloader, root, install Lineage OS

    I only buy phones and tablets where I can do these three things. Not only can I get rid of all sorts of crap that came with the phone (though rarer these days) I also "lose" access to all Google apps and their potential for doing mischief.

    It should be made much easier for consumers to do this sort of thing... my parents could certainly not do that, so I have to do it for them.

    1. Anonymous Coward
      Anonymous Coward

      'Unlock bootloader, root, install Lineage OS '

      Got links to help? Some Root tools are scary, operate out of China and phone home a million things. Its hard to trust anything anymore... How do you infer which models you can safely root without bricking them for starters? Its hard to know for sure etc. XDA Developers is/was a good site, but not foolproof anymore!

      1. Pat 11

        Re: 'Unlock bootloader, root, install Lineage OS '

        I know it's against orthodoxy, but most people don't need root. You can install something like LineageOS and still block ads using (eg) Adguard. Otherwise Magisk is very unlikely to be compromised.

        1. jonha

          Re: 'Unlock bootloader, root, install Lineage OS '

          It depends. I am an IT professional and I would just not use locked hardware if I can help it. Case in point: I recently needed NTFS access for my tablet's USB OTG. No problem with root, just install NTFS-3G and couple of utilities and it's good to go.

      2. jonha

        Re: 'Unlock bootloader, root, install Lineage OS '

        As you implied it all depends all on the maker and the model. I had positive experiences with Samsung and Moto hardware... but I agree that it can be a minefield. As so often it boils down to the amount of money one is prepared to spend... after having been burned in the past I decided to concentrate on "known good phones". They are a bit more expensive (though a Moto G4 Play, say, won't break the bank at all) but I use them for a few years and the peace of mind over that period is worth it IMO.

  25. Frank Zuiderduin

    Nokia

    Clean enough for me. No faecesbook junk anywhere. Hardly any pre-installed stuff anyway.

  26. Teiwaz Silver badge

    I'm still carting my Nokia 900 around, after that, maybe a dumb phone (if such are still available)

    Pretty sure we've gone down the wrong trouserleg earlier in the decade (it's probably the Auditors again) and I'm still waiting for the universe to self-correct.

  27. Anonymous Coward
    Anonymous Coward

    for a fleeting moment...

    I wondered if I should jump ship back to Apple. With all this shit going on with Android (and no I don't want to root the phone for the reasons already stated) I wondered if returning to the warm safe Apple Walled Garden would be better.

    Then I looked at my wallet (physical thing with cash inside) and decided Nah.

  28. Anonymous Coward
    Anonymous Coward

    That would explain how my Facebook account knows which apps are installed on my phone. Even though I've never used Facebook from my phone, and disabled the impossible-to-uninstall app, I had missed the "Facebook App Manager" app until recently.

    Only 3 days left before asking some pointed questions...

    1. VinceH Silver badge

      See also my comment further up. They know about some apps on my phone without any of their crap being installed.

  29. MJI Silver badge

    Checked my phone

    Facebook installed and slurping.

    Never started it, not on any menus, where did it come from?

    So uninstalled it.

    My phone already has a decent messaging system on it and also a semi usable voice chat system.

    However voice chat is clunky and not a patch on an old Nokia N8 I am trying to resurrect

    1. onefang Silver badge

      Re: Checked my phone

      "a semi usable voice chat system."

      I think those are called phone calls, or used to be. Am I showing my age?

      1. MJI Silver badge

        Re: Checked my phone

        Yes they are, and to be honest it is hard work to call someone.

        Much easier on older phones.

        Takes nearly a minute on my latest one.

  30. Bloodbeastterror

    Disgusting...

    I run an Android custom ROM (LineageOS 15.1), rooted, and on the back of this article I performed a search using Root Explorer for "facebook", expecting to find nothing - after all, I'd done many full wipes and haven't had a stock ROM for a long time. I was amazed to find around 30 references in various apps. I've nuked them - if the app fails because of a missing Facebook reference then it's not an app I want to use anyway.

    The sooner this dangerous foul application is closed down the better. What a shame that so may people continue to sleepwalk towards 1984... (and yes, I do appreciate the irony of using a Google device).

  31. VinceH Silver badge

    If Facebook is glued into your Android phone, it will stay there, pinging Facebook, and you don't even have to use it. In fact, you don't even have to create a profile.

    ...because Facebook will do that for you.

  32. Rob Crawford

    Funny enough on the phones I have I simply disable preinstalled apps that I don't want.

    The fact that I also remove all permissions before disabling them (and check my firewall logs for them chatting) does not make me paranoid.

    1. PerlyKing
      Facepalm

      Re: I simply disable preinstalled apps that I don't want.

      This is not always possible, at least not without rooting and not all of us want to void the warranty on a brand new phone that we've just shelled out hundreds of pounds for.

      1. Alan Brown Silver badge

        Re: I simply disable preinstalled apps that I don't want.

        " not all of us want to void the warranty on a brand new phone"

        Despite the FUD on this, rooting the phone does not blow the warranty on the hardware.

  33. Loyal Commenter Silver badge

    adb is Your Friend.

    As long as you have access to a PC, a USB cable, and can find drivers for your device, you can use adb to remove any and all bloatware from your device:

    https://www.xda-developers.com/uninstall-carrier-oem-bloatware-without-root-access/

    Most people with Android phones don't realise that adb can be used to do a number of things you'd normally need to be root to be able to do...

    Caveat emptor - if you remove something you later realise you needed, it's entirely possible you might cripple your phone. It's probably a good idea to make a backup of the apk files you're going to remove just in case you realise you need to put them back on again!

    1. slimshady76

      Re: adb is Your Friend.

      That doesn't remove the app, it just disables it for the user 0, or main user.

      1. Miller001

        Re: adb is Your Friend.

        Nope, it uninstall the app.

  34. Anonymous South African Coward Silver badge

    LineageOS FTW.

    Pity you don't get ROM's for more devices. I have two Huawei Mediapads, but no ROM's for them. :(

  35. adam payne Silver badge

    The Facebook app shouldn't be a system app and should be removable but I guess that is what the zucker is paying them for.

  36. iron Silver badge

    Try harder

    All three are disabled on my phone, as is the pre-installed Instagram app. Your 'reader' needs to try harder.

    (I used standard Android features to disable these apps and remove them from the launcher, no 3rd party software or root access needed.)

  37. DrXym Silver badge

    Crapware

    "best experience on Facebook right out of the box"

    Except that never happens. The version of the app baked into the firmware is ALWAYS obsolete. So now your phone wastes space on a duff copy of the app and even more space replacing it with the current copy.

    And if you never use Facebook you're stuck with it and whatever it's up to, e.g. stealing your contacts and usage info. At best you can disable this junk and pretend it doesn't exist. At worst you can't.

    It's not just Facebook either but often other social media apps, antivirus software, dubious network/manufacturer services and so on. All cluttering the UI, draining the battery and reducing the chances of firmware updates.

  38. Triumphantape

    Only buy phones that have pure Android on them, or can take a pure OS image.

    1. Charles 9 Silver badge

      Can you provide a list of such phones that don't have other strings attached AND are relatively feature-rich such as having a high-resolution 5+-inch screen, removeable battery, and so on. With their price tags?

  39. Anonymous Coward
    Anonymous Coward

    transmitting mysterious information in the background...

    even though he doesn't have an account with the social network, isn't therefore logged in, and has repeatedly tried to turn off background data.

    I guess it's transmitting:

    he doesn't have an account!

    he isn't logged in!!

    he has REPEATEDLY tried to turn off background data!!!

    ...

    Dial F-A-C-E-B-O-O-K

    Hello, Facebook, what's your emergency?

    [transmitting...]

  40. JaitcH
    WTF?

    What Better Reason to Buy ZTE or HuaWei?

    The USA, starting with Obama, started canvassing countries around the world advising the use of Chinese cell handsets was a risk security.

    To me it's more likely the risk was they didn't have American spyware so the Americans could stick their snouts into everyone's business.

    Basic cell handsets are the best - their Design Optimisation process eliminates even GPS!

    My smartphone has no SIM and the only added application is MESH radio. Eliminating all the back-chatter sure makes the batteries last longer.

    QUESTION: Who pays for the airtime of all the surreptitious collection of data?

    1. doublelayer Silver badge

      Re: What Better Reason to Buy ZTE or HuaWei?

      Would that it were so. However, while I can't speak for Huawei, I have seen two ZTE phones purchased by family members. Both had facebook installed by default. Fortunately, on one it was possible to disable it (though not to uninstall it) without rooting, and the other phone was dropped and damaged so I threw it away. Don't assume another country is far enough away to avoid these parasites.

    2. onefang Silver badge

      Re: What Better Reason to Buy ZTE or HuaWei?

      "QUESTION: Who pays for the airtime of all the surreptitious collection of data?"

      ANSWER: you do.

  41. Anonymous Coward
    Anonymous Coward

    So who is guilty? Sprint or LG?

    It's not Google, as stock Android doesn't contain Facebook and allows apps to be disabled.

    As this is a network phone, it's likely sprint are taking a bundling payment from Facebook. It could be LG, but their SIM free firmware doesn't have this I believe.

    Time to name and shame the offending party...

  42. Jeyell

    Sanding stuck-on

    Tried to uninstall the FB app from my Samsung Note 8 and couldn't. Samsung said it was part of the OS bundling. Now Samsung would not install the FB app without receiving something in return... My data?

  43. Jeffrey Nonken Silver badge

    "our reader, who wished to remain anonymous..."

    Too late.

  44. Sir Loin Of Beef

    That is interesting because I have both Facebook and the Data Manager disabled on my Android phone. I am not sure if that actually helps but I am able to disable both.

  45. JohnFen Silver badge

    A fantastic example

    This is a fantastic example of why I won't be buying any more Android smartphones. Currently, I can use mine in peace, but I'm less sure about newer devices -- and I'm getting tired of fighting this arms race anyway.

    I'm getting off this train. Facebook, Google, and numerous other app developers have thoroughly and completely poisoned that well.

  46. Anonymous Coward
    Anonymous Coward

    Same with SwiftKey, default keyboard on many Android phones, sends all key-strokes to MSFT

    Microsoft bought SwiftKey, a default keyboard on many Android phones - it cannot be deleted on such phones. Yet SwiftKey send all key-strokes to Microsoft servers.

    How can we get rid of SwiftKey??

    https://en.wikipedia.org/wiki/SwiftKey#Privacy_concerns

    1. Anonymous Coward
      Anonymous Coward

      Re: Same with SwiftKey, default keyboard on many Android phones, sends all key-strokes to MSFT

      I think the newer Sony Xperia phones all come preinstalled with Swiftkey; I played with some of them at a phone shop. Previously (a few years ago), the Sony phones only have their own Sony software keyboard.

      Sony probably made a deal with Swiftkey (Microsoft), bundling the app for some cash kickbacks.

      Sony probably also made a deal with MobiSystems, loves to preinstall MobiSystems' apps on Xperia phones. For example, File Commander.

      Sony also had its own proprietary music recognition app 'TrackID'. It was continued last year and the users were 'encouraged' to switch to Shazam. I won't be surprised if Shazam is preinstalled on newer phones.

  47. Anonymous Coward
    Anonymous Coward

    Stuff like this is why I'm seriously contemplating getting an Apple iPhone next time.

    Depending on your telco and/or locality, the pre-installed crap and various other slurping shenanigans might get really insane. I'm not interested in rooting the phone or installing custom ROMs and voiding its warranty.

    I have not purchased any apps, bought any microtransactions i.e. I'm not 'invested in the ecosystem'. All I need to do is port over my contacts and chat messages from Android to iOS and I'm done.

    I have never used a microSD card despite my phone allowing me to use one, so I won't be missing that on an iPhone. The only thing that I need from Google on an iPhone is Google Maps, and I can get the app from Apple's app store.

    With newer Android phones getting notchy and removing the headphone jack, there are fewer and fewer compelling reasons to stay with an Android phone.

  48. Packet

    Quite disappointing... selling soul indeed

    I'm rather surprised at the blatant data gathering.

    Yet, somehow, I suppose I shouldn't be, considering who makes it, and how the revenue stream is structured, etc, etc.

    As much as I like to berate Android, I grudgingly understand why people pick Android devices, be it customization, compatibility, cost, etc etc. (There are some features I would like to see in Apple from a UI perspective)

    Yet when things like this - I do feel far more comfortable on the iOS platform.

    Sure, Apple doesn't have all the answers, and is absolutely annoying sometimes, but I prefer their attitude towards privacy, compared to Google/Facebook/others...

    Flame away, folks, if you must

    1. JohnFen Silver badge

      Re: Quite disappointing... selling soul indeed

      No flame from me -- but I also don't consider iOS to be an acceptable replacement for Android devices. The issues are different, of course.

      I can't find a smartphone from any manufacturer that I can make acceptable from a security point of view and that can still do what I want from a smartphone.

      1. Charles 9 Silver badge

        Re: Quite disappointing... selling soul indeed

        Same here. Well, if you want something done right...

        Maybe it's time for someone to submit a new Android phone design. One that actually DOES tick all the boxes because it's not designed to make money.

  49. Anonymous South African Coward Silver badge

    Just do the following :

    rd .facebook_cache

    touch .facebook_cache (to create an empty file)

    That should be enough to confuse the ne'er-do-well zuckerborg crapplet, yes?

    I've used this method to block a couple of worms on computers whose AV was braindead to the worm phutzing around.

  50. BillsBacker

    There are a number of no-root firewalls around to blacklist that data.

    1. Charles 9 Silver badge

      Most rely on the VPN system, so if you have to use ANOTHER VPN, you're SOL. Plus System apps don't necessarily have to obey the VPN if they can IP direct to a server.

  51. JassMan Silver badge

    The B'stards even do it on Tizen

    Luckily only over WiFi not mobiledata. Until I sat on my Tizen Z3 and killed it, it used to download 13 MB of FBmessenger each day. In spite of it being standard practice to check if a new version is available by comparing against the currently installed version, it appears that the Tizen version of FBmessenger downloads and re-installs itself every day.

    "By having Facebook apps pre-installed, we ensure people have the latest version of the application installed on their device, giving them access to bug fixes, critical security enhancements, and other new product features." --- what a load of B***cks! If they want to ensure you have the best user experience, they don't waste your data and processing cycles running and downloading stuff you are never going to use. If they want to do what they claim they should do the download the first time you are stupid enough to use their product.

  52. Miller001

    You can't uninstall the apps?

    Yes you can. You can uninstall system apps via ADB, root not needed.

  53. Uberior

    GDPR Cycle of Deactivate

    My little pub-quiz group are all Wileyfox fans and we've come up against a bit of a problem.

    It has Truecaller pre-installed. Now, I really don't like Truecaller so have never activated its services as such, but it handles all the call management.

    Ahead of GDPR, we had to agree toTruecallers T&Cs or it locked us out of making calls. The "deactivate" function didn't work. Now I started looking into it on the day it kicked off, but as I'd witnessed a nasty accident, I had to agree to the T&Cs before I could dial 999 for an ambulance!

    When bloatware limits a phone users access to the emergency services until they agree to new terms and conditions, there's a bit problem.

    1. Dave Lawton

      Re: GDPR Cycle of Deactivate

      @Uberior

      Try Zero Dialer as a replacement.

      In Settings>Apps>cog>Configure apps set 'Phone app' to ZERO Dialer

      Sorry, I can't remember if there were any more steps,

      but that worked on my Swift 1, after it downgraded itself to 7.0.1

      HTH

  54. jamesisinspain

    F**Ebook

    Try out any xiaomi phone. No Facebork anywhere to be seen :)

  55. Henry Wertz 1 Gold badge

    What a load of crap

    "Facebook insisted to The Register that no personal info is being trafficked, only things like the operating system version and device type that Facebook uses to keep the app updated."

    What a load of crap. I've done some Android software development; Google Play's software developer portal ALREADY tells the developer what makes and models of phone or tablet have the app on it, OS version, screen size, RAM and storage specifications, and so on, and Google Play Store can already use this information for updates. It lets the developer specify to install different APKs (android packages) based on OS version, screen size, phone versus tablet, RAM, etc., as well (i.e. phone versus tablet version of an app, or a game where it may have smaller or larger textured depending on device capabilities.) Facebook's app has zero reason to send the info they claim they are sending; frankly, FB should not be getting **ANY** information from anyone who is not actively using their app.

    Honestly, if I bought a phone and it had FB junk on it, I'd try to root it to excise that garbage. If i found it could not be rooted, that phone is going back to the store for a full refund.

    1. JohnFen Silver badge

      Re: What a load of crap

      "If i found it could not be rooted, that phone is going back to the store for a full refund."

      I did this once, almost 10 years ago. I bought a new phone (under contract) from AT&T, and discovered that I couldn't root it, as the phone was so new that nobody had broken the bootloader security yet.

      So I took it back to the store and returned it, telling the precisely why, and requested the older model of the phone which I knew could be rooted.

      The AT&T salesdroid gave me no problems over this, and even mentioned that for any extra $200!) they sell a "developers" model of the same new phone. The only difference is the bootloader isn't locked in it.

      That was the last time I bought a phone under contract, and the last time I bought a phone from a carrier.

  56. Henry Wertz 1 Gold badge

    system apps

    "That is interesting because I have both Facebook and the Data Manager disabled on my Android phone. I am not sure if that actually helps but I am able to disable both."

    Yeah, I think the difference is on your phone, they shoveled^H^H^H^H pre-installed these as apps. On the phones where this can't be disabled, they improperly stuck these on as SYSTEM apps. Since system apps are supposed to be performing important system functions, the GUI doesn't allow disabling them (most people wouldn't want to disable for instance the phone dialer or settings menu.)

  57. bofh1961

    My phone is full of unwanted apps

    I'm pissed off with my android phone constantly telling me that it's running out of memory and that I need to transfer apps and data to the SD card. Which has over 15 GB free. The phone would have enough left of its own 8 GB if it weren't for the plethora of installed apps that I can't remove. Why the frog would I want to watch video on a screen that small? I don't want the YouTube app but I can't get shot of it. I've no freaking idea what the Google app does apart from open itself spontaneously now and again.

    I want a Linux phone that I have full control over with no apps and everything online accessed through the browser of my choice. Google, Sony and EE have more control over my phone than I do and that really pisses me off. I don't put up with Microshaft and HP controlling my PC...

  58. OffBeatMammal

    in countries where you pay by the byte for data (@Telstra here in Australia, I'm looking at you) especially if the crap is pre-installed on a phone bought from the carrier who pays for that data? The user (was there disclosure?) or the carrier (have they zero-rated the IP/URLs this shit talks to)?

    Pixel2 user (after a couple of Nexus devices) so not suffered from too many pre-installed apps (apart from the Google spyware and multitude of messaging apps) but it looks like Google may be in the spotlight for this already - https://www.theregister.co.uk/2018/05/14/oracle_tells_tales_about_google_data_slurps_to_australian_regulator/

  59. dbtx Bronze badge

    All this means is that they bought the wrong phone, and the set of phones which contains all those which could be called "the wrong phone" is getting larger. Here's a link to a growing set of phones which could be called "the right phone":

    LineageOS 15.1 Official Supported Devices List

    I'm (sadly) shopping for a new phone (and starting on that page) because I can afford all the parts for e.g. a ZeroPhone or my own take on what it could or should be-- but I just don't have the time to pour into it :(

    1. Charles 9 Silver badge

      No, "The Right Phone" is one that comes with no such crud in its STOCK ROM since those are the only ROMs that are certain to allow all the apps (including the ones that test SafetyNet and so on and thus can detect roots and custom ROMs--Lineage itself disclaims itself from those apps). And the ZeroPhone isn't an option either because it lacks enough app support.

      1. dbtx Bronze badge

        Your right phone is wrong for me and having the usual app store be optionally absent is a huge plus on Lineage's chart. OTOH, ZeroPhone has all the Raspbian repos, so that's neat. It's up to everyone to figure out they'd rather have their phone be a super kick-ass multi tool that embeds itself deeply into their mortal existence, or maybe they just want a small portable computer that sends commands to a modem to make phone calls. And holds a contact list, and SMS in/outboxes, and maybe short notes a.k.a. "plain text files"

        1. Charles 9 Silver badge

          "It's up to everyone to figure out they'd rather have their phone be a super kick-ass multi tool that embeds itself deeply into their mortal existence,"

          That's what most people want (myself included; on-the-spot research is very valuable these days), so you're outvoted.

          1. onefang Silver badge

            '"It's up to everyone to figure out they'd rather have their phone be a super kick-ass multi tool that embeds itself deeply into their mortal existence,"

            That's what most people want (myself included; on-the-spot research is very valuable these days), so you're outvoted.'

            I use a dumb phone for actual phone stuff, and a smart phone for my super kick-arse multi tool.

            Though a small part of the reason for that is that sometimes I use my smart phone strapped into a Google Daydream to give VR demonstrations to senior citizens. I don't want the thing suddenly ringing loudly while it's strapped to some poor octogenarians noggin, who was quietly sitting near a virtual pond feeding virtual ducks, then to rip it off her face, quickly pull it out of the headset, and answer with "Um, hang on a minute while I call an ambulance, little old lady right in front of me is having a heart attack, and I think I just broke her nose." while hungry virtual ducks quack loudly in my ear.

          2. dbtx Bronze badge

            outvoted, like everyone decides together what it is I'm supposed to want? Gee, isn't that how the article's original problem came into existence? When I decide what to put in my pocket, there is only one "voter".

            1. Charles 9 Silver badge

              But when manufacturers decide what phone to make next, numbers count, meaning your isolated decision isn't going to matter much and they'll make what everyone else wants: locked-down turnkey stupid phones that phone home, include irremovable spyware, and won't let you change out the battery when (not if) it wears down.

              Frankly, the phone I want (thick with removeable battery, SD support, absolutely minimalist ROM with everything but Call, Messaging, and Toolkit optional BUT with full app support for the ones I DO choose, do root and custom is not an option due to SafetyNet and dm-verity, built-in app and Nandroid backup facility) doesn't exist and probably never will be. Unless you know someone willing to make such a phone from scratch...

  60. Anonymous Coward
    Anonymous Coward

    Why would anyone get a personal computer ...

    ... and not have the root password?

    I get it that phones are overhyped embedded devices and as such they are not very user friendly choosy about who their friends are, but why would you make a personal investment on a device that is not under your control?

    1. Anonymous Coward
      Anonymous Coward

      Re: Why would anyone get a personal computer ...

      Lack of alternatives, maybe? Beggars can't be choosers, and going without is not an option for many.

  61. iowe_iowe

    unexpected consequences

    As a devout blackberry Passport user, I've been accustomed to the gradual non-functioning of various apps including LinkedIn and Whatsapp as support was withdrawn from them. I'm beginning to feel quite smug when I hear about the data-slurping antics of the US mega corporations...still the best phone ever (IMO), if you're concerned about data privacy, since no-one but government agencies and compliant ISP's can be bothered to update such a small demographic of users, take a look. You can buy one for a couple of hundred quid..

  62. MR W B Jones

    I have an issues with google voice search on my s8, where by every time i do a search, it says "we have noticed that you have turned off google voice tap here to turn it back on"

    I keep dismissing it and they keep asking its been going on for months now, i dont want google voice always listening for me to to say OK google.

    how many times do i have to dismiss a google message to get it to leave me a lone, feels like they are trying to nag me to give in and turn the dam thing on, tried contacting google the makers of android but they just say its samsungs fault and vice verse...

    1. TonyJ Silver badge

      @MR W B Jones - try a different launcher. I find either Nova Prime or even Microsoft Launcher to be superior to the Samsung one, but there are plenty of others you could also try.

  63. Jamie Jones Silver badge
    FAIL

    Bollox

    We have partnered with mobile operators and device manufacturers to pre-install Facebook apps on Android devices to help people have the best experience on Facebook right out of the box and during the life of the device. By having Facebook apps pre-installed, we ensure people have the latest version of the application installed on their device, giving them access to bug fixes, critical security enhancements, and other new product features.

    Is this bullshit expected to work? Straight out of the Trump/Conway/Huckerbee-Sanders/Chemical Ali school of brazen crap.

    Even if their reasoning was true, it would be pre-installed as a user-app not a system one.

    It's because of this type of shit the EU came up with GDPR - Facebook et al. should be careful that the US government doesn't do similar....

    HAHAHAHA - I'm joking, of course - America is run by the BOD (Business Orientated Democracy) - but don't feel alone, apparrently a large number of UK citizens don't enjoy rights either, so we voted to leave the EU. I'm sure the UK will dilligently play catchup to our American overlords.

    [ We really need a "bullshit" icon ]

  64. ds33d8977JH3%3£1

    Same going on with the Samsung purchased from PCWorld.co.uk. I am of the opinion there is a modern day version of the Phoebus Cartel in operation with the players being at least Microsoft, Facebook & Google because I am surprised that reports from ActionFraud.Police.uk can disappear from their systems.

    As we only deal with a call centre, its virtually impossible to identify who is at the other end of the phone despite what they might tell us, plus call centre staff invariably don't take ownership of calls and follow reports through to conclusion, its just passed on to those higher up to make "difficult" decisions for the proles.

    One other elephant in the room, is the ability to update firmware on a variety of chips found within computers and peripherals and yet no manufacturer provides a tool to verify its their firmware.

    Only Mitre's Copernicus tool can check the bios if you are a large enough company with near identical computers.

    The Intel ME Cleaner found on GitHub which partially de-blobs Intel CPU's means its technically possible to install malware inside an Intel CPU as the measures put in place by Intel to ensure the ME has not been tampered with is not sufficient to spot its been partially de blobbed, but who can show me a security product that checks the Intel ME cleaner is genuine?

    Who cares if you have DD dev/zero'ed or dev/random'ed your hard drive before reinstalling your OS again if its your, bios, cpu and harddrive hiding the malware for you?

    Check out ModSprites HDDHack to find out how to insert malware into your hard drive controller, if you want to know more!

    Now lets see what page on the comments the bots push this down to says the cynic.

    1. Anonymous Coward
      Anonymous Coward

      So how soon before we have confirmed nuke-proof malware and the advice becomes "give up electricity and go live in some wooded mountains somewhere"?

  65. Anonymous Coward
    Anonymous Coward

    This "research" is a little incomplete..

    These two Facebook related apps only appeared AFTER an upgrade to Android 6.0 (Marshmallow) probably because Marshmallow (finally) allowed for some small degree of control over an apps PERMISSIONS.

    The mysterious Facebook apps in question allow Facebook to update the Facebook app without user intervention and bypass the Google Play Store.

    These two Facebook apps are usually found on Android devices that have Facebook pre-installed with other bloat on Android 6.0 and higher.

    From what I've seen in testing, the user cannot "sideload" a generic copy of Facebook app unless it was extracted from the same Android device because the two apps in question check SHA sums.

    More research is needed of course but my initial belief is that the mobile phone vendor that bundled the device with the Facebook app and other bloat (may) have access to the users social media data as would a developer would if a user logged into an app containing the now infamous Facebook Graph API.

    I think it is also very telling that there has been no "official" security researchers looking into this.

    Probably because all the "antivirus" companies are guilty of exploiting the Facebook Graph API as well.

  66. Mike 137

    "We're all for regular security updates,"

    Why not instead be for vendors not handing us a pile of sh...?

    The position that it's OK to supply a grossly faulty product and then spend its entire operational life tinkering with it to fix those faults would not pass muster in any branch of real engineering, from house building to aerospace.

    Unfortunately, since software is now increasingly incorporated into almost everything, other products previously based on real engineering (including aerospace) are being dragged down to a common abysmal standard. This is not just an inconvenience or an annoyance - it's becoming downright dangerous.

    We should not be for "regular security updates" - we should be for getting it not so grotesquely wrong in the first place.

    1. Charles 9 Silver badge

      Re: "We're all for regular security updates,"

      How do you propose that? Bad phones don't kill people (directly) so the Stupid Users never notice. And to them, bling sells more than security, and they outvote you and consider you as paranoid.

  67. Afflospark

    Hey,

    Facebook not only takes our personal data but also ruin our phone via

    1. Facebook Drains Battery

    2. Making Your Phone Slow

    3. via Consumes a Lot of Data

    4. usage of internal memory

    5. It has all the permission of your phone

    And after all of it, we can't uninstall this app via our phone because of it's in the internal app which is come via

    our mobile

    This is totally unacceptable

    I have one idea we have not permission to uninstall this app but we have to disable button via which we can stop facebook to takes our data or drains the battery.

    By this facebook app frozen which is the best idea to do with Facebook.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019