back to article Facebook app now reads your smartphone's text messages? THE TRUTH

Facebook's updated Android app can read text messages on the user's smartphone. The tweaked software now demands access to SMS and MMS messages, and the change was spotted yesterday by blogger Tony Calileo. "This is just one of a bunch of new permissions the app is requesting for this update, but it's probably the most …

COMMENTS

This topic is closed for new posts.
  1. Simon Harris

    Noticed the new permissions already...

    Every couple of days my phone tells me theres an updated Facebook app to install..

    Every couple of days I say no thanks.

    1. Anonymous Coward
      Anonymous Coward

      Inch by Inch

      I'm sorry, but I just don't have the trust in Facebook that many others seem to have. What they say today is not always what they do tomorrow.

      While plausible I still believe it opens the door to other intents, little by little they reel you in......

    2. Loyal Commenter Silver badge

      Re: Noticed the new permissions already...

      When I saw the permissions it was asking for (IIRC some time in December), I quickly unistalled this horrible piece of bloatware and disabled the pre-installed app on my phone. My thinking at the time was along the lines of, "Fuck you FaceBook, go and push your spamvertising at someone else."

  2. Christopher W
    Big Brother

    Lazy people to blame, as usual

    If you're aware of it, most clueful SMS apps in Android will present a toaster notification when you get a new message so you can read a 2FA verification code and tap it in with very little inconvenience. (ChompSMS does this quite nicely and has options to adjust on-screen display for what remnants we have left of our privacy.)

    Frustratingly though, as usual, we all have to blindly accept a blanket read permission simply because people can't be arsed to go into their text messages to get a six digit code. What's the point of two factor if you're allowing an app unsupervised access?

    This is also an excellent highlight of Android's frankly shit permissions model. I'd dearly love to be able to selectively deny permissions to an app to invoke certain functions or system calls (optionally reenabling it later) but nope - vaguely descriptive catch-all categories are all we get.

    The more clueful devs are beginning to list reasons for why their apps request permissions, this should be a mandatory requirement for every app, viewable by all potential punters and completely granular. Apps should also not crash out if part of a call is denied access (they should trap it and just return a null, perhaps with viewable message explaining what's not working) but this would need to be baked into the AOSP core. And can you imagine the software community rewrite carnage...

    At least our security model is moderately translucent, unlike Big A's black box (which GCHQ are gleefully busy exploiting)...

    1. Charles Manning

      Re: Lazy people to blame, as usual

      What this really needs is a service dealing with 2 factor authentication that has its own permission. That way an app does not need fuill SMS permissions to do the 2 factor authentication.

      1. Christopher W

        Re: Lazy people to blame, as usual

        I can see a future where Android provides a nice and sealed off two factor auth method... provided you credential with a Google account - or share your other account details with them! </cynic>

      2. joejack

        Re: Lazy people to blame, as usual

        Yep. Google Authenticator was built just for cases like this. Several services on my phone use it, and no need for SMS.

    2. Rafael L

      Re: Lazy people to blame, as usual

      I partly agree but it's not only because of lazy people. Not everyone is very good with technology, that said I'm sure some people are unable to easily confirm their account using a code in a SMS. Facebook doing it automatically for them is very welcome.

      1. Christopher W

        Re: Lazy people to blame, as usual

        I'm all in favour of more secure accounts. I just find it hard to believe that they'll be competent enough to activate or even understand how two factor works if they still struggle to read SMSes ;-)

    3. Chet Mannly

      Re: Lazy people to blame, as usual

      "I'd dearly love to be able to selectively deny permissions to an app to invoke certain functions or system calls (optionally reenabling it later)"

      Apps like LBE privacy guard allow you to do that.

      Totally agree that Android's out of the box take it or leave it approach is a little more transparent but ultimately does bugger all to protect your privacy

      1. Charles 9

        Re: Lazy people to blame, as usual

        Totally agree that Android's out of the box take it or leave it approach is a little more transparent but ultimately does bugger all to protect your privacy

        Remember that it wasn't Google's idea to do it this way. Their original permissions model was at the insistence of the app developers who wouldn't jump from the Apple store unless they had more control over permissions.

        Given that environment, there's no turning back with regards to the structure, but we can certainly augment the structure to make it more useful. As noted, perhaps the permissions can be divided into more sub-permissions. Also, I think most would appreciate each permission having a written justification provided by the developer.

        1. Lamont Cranston

          Re: "permissions model was at the insistence of the app developers"

          Really? Ugh.

          Maybe Android should be changed so that, if you enable Developer mode, you get fine control over permissions - that way, those who give a monkey's can get it done, and those who don't care don't have to worry about it?

      2. Anonymous Coward
        Anonymous Coward

        Re: Lazy people to blame, as usual

        LBE Privacy guard does not work on Android versions 4.3 and up. Android hinted at possibly later providing native support for privacy-related permissions with the 4.3 release, however as it was still in beta, you needed a third party app to interface with it (see App Ops Starter). It wasn't as functional as LBE, but at least it gave you some basic level of control.

        Then, for no apparent reason, they removed the functionality completely in version 4.4.2. Now, there is nothing to manage permissions. Nice one Google. You're on the fast track to becoming the Apple of the 2010s.

        1. Intractable Potsherd

          Re: Permissions control

          I use Comodo Security to control the app permissions: https://play.google.com/store/apps/details?id=com.comodo.pimsecure. From the notifications it gives, there are a lot of apps busy in the background!

          1. Anonymous Coward
            Anonymous Coward

            Re: Permissions control

            And I wouldn't trust COMODO if they paid me.

    4. Anonymous Coward
      Anonymous Coward

      Re: Lazy people to blame, as usual

      Is it 6 digits? What's wrong with using alphanumerics? Even if you strip out the one that could be misread (like lowercase L) you still end up with more variance in 4 positions than 6 numerics would give you.

      Sigh.

    5. sisk

      Re: Lazy people to blame, as usual

      At least our security model is moderately translucent, unlike Big A's black box

      I'd call Android's security model translucent. It's confusing, but if you actually do understand it you know what it's doing. That's not to say it doesn't have problems. Only a fool or a fandroid would call it perfect.

  3. Frank N. Stein

    Glad I abandoned Android and Facebook for Android. I didn't add my phone number to my FB account and don't require two step authentication. These blokes can't be trusted with personal info.

    1. RyokuMas

      "These blokes can't be trusted with personal info."

      Facebook, Google or both?

  4. Adam 1

    Please Google let us selectively deny tokens that an app requests.

    The app developer should have the ability to state whether a given token is mandatory or optional and a few lines to describe why they want it.

    As for optional tokens, there are two ways this can be easily handled. The app developer could either receive a runtime exception when they make a call to a method where the token was denied or they could elect to receive fake data for things like contact lists, GPS coordinates or SMS messages. Then even lazy developers could mark most tokens optional without needing to make code changes.

    1. Hans 1
      Boffin

      >Please Google let us selectively deny tokens that an app requests.

      What, like, say BB10 ? On the wrong platform, mate !

      1. Florence

        BB10 here too, never had an Android phone, and I was dismayed to read how Android app permissions work!

        And then some of these people laugh at my choice of phone...

  5. David Pearce

    So apps want to do two factor authentication by themselves without the actual human user in the loop and they see far too many passwords. Then a rogue App logs into your Internet banking, request a TAC for a 3rd party transfer and starts to empty your account

    1. Anonymous Coward
      Facepalm

      You're good.

      It only took .5sec for me to make that deduction.

    2. Uffish

      Re: rogue App

      From 1995, a Dilbert cartoon:

      http://dilbert.com/strips/comic/1995-12-29/

  6. dssf

    Yet another reason to suspect MZ is on the NSA/CIA payroll?

    Yet another reason to also SLAM google for not creating any sort of content vault system.

    BY DEFAULT, google, damn you, every piece of information on a user's devices should be subject to granular access controls/permissions.

    -- Kakao, talk, line, whatever apps are there in the store or other sources should not have cart blanche access to contact lists!!!! Create in the contact list a check box to deprive access by/reads by apps listed on the install list or at the users' whims.

    -- apps that access or attempt to access contacts, logs, text, memos, art, jpgs, whatever, should be logged and reported to google, AUTOMATICALLY, so that in real-time, google can push down code to users' devices to thwart in a heuristic manner any subversive, invasive, or other surgical attacks on our devices

    If google cannot participate in this kind of discussion and facilitate better protection, first-party, then why do we put up with shit shitty state of affairs. How can be bludgeon or chest-punch google into getting off the sidelines?

    I'm surprise the ACLU and EFF do not seem to be weighing in on this issue on a regular basis.

  7. andreas koch
    Happy

    One does not have to be on Zuck-book

    I just aren't. There, solved.

    1. Brangdon

      Re: One does not have to be on Zuck-book

      I'm not there either. I still have a Facebook app pre-loaded on my phone, which I can't uninstall. Now it repeatedly asks for updates, which I repeatedly refuse. The nagging is annoying.

      1. Michael Habel

        Re: One does not have to be on Zuck-book

        Why haven't you your rooted your Phone yet? Once you root it, you just use something like Root Explorer, and go to /system/Apps and delete any offending "App" you dislike from there...

        1. dssf

          Re: One does not have to be on Zuck-book, Say WHAT?!

          Just yesterday, on my Android-based phone, I saw "update facebook", but i ignored the shit. Due to another app not refreshing, I decided to reboot my phone, which works for that given app when the screen stays black and it takes 10 seconds for a long press on the home button to exit the app or present me a task list.

          I task-kill the app, root around (myself, no root capabilities) looking in vain to kill anything else, and then shut off the antenna, turn on airplane mode, and then...

          After I rebooted, mysteriously (or, why should I have been surprised), no more nag/listing "update facebook".

          I have for YEARS suspected that fuckking android and/or some other apps in the phone bypass the antenna setting, leave the icon dimmed, and call home.

          After this reeboot, I saw somethinakin to "binary installed". WHAT THE FUCK!!! The antenna was OFF, or so I commanded.

          And, at SFPL, where various versions of Android would die or lock up, when connected to the lib's wifi... But, falling back to an older version was OK? That was around early-to-mid 2013, and seems to have stabilized. But, personally, given SF's leftness, and SFPLs steadfast anti-surveillance compliance, and refusal to hand over patron borrowing history, I strongly suspect the library's payroll involuntarily has IT staff who work for another entity. Wifi, for free, in a major library, in a left-town that acts like a nation-state? Not being surveilled? Yeh, right. Maybe the potentially-present sniffing gear had issues with my tablet being the Korea-locale variety? I dunno. My older, android phone was seemingly ok, but not my recent, 2012 Tab.

          Anyway, only with some proper RF gear might I determine whether my phone blurps/beeps/sends or takes in any code.

          Hell, I insinuated that zuckerberg may be on the nat-sec payroll. I suspect google is and has been all along, and possibly even apple. After all, if Apple's warez needed FEWER nat-sec letters to monitor, then it's possible either Apple was cored or just gave up the stuff. All the foot dragging is just for show, for public consumption.

          I guess one way to find out if our phones talk surreptitiously is to plant vile stuff on them and wait to be contacted. Just plant vile shit on them, but never, directly log on to anything, never surf, never, allow it to turn on the antenna, not by one's own hand. Then, justt wait for it to violate the users' commands and then get "discovered".

          Oh, wait, that's my outraged mind speaking. I prefer to not be cuffed, and don't recommend embarking on a cuf-worthy path. But, goddammit, it is the GOVERNMENTS' jobs to do their OWN fucking dirty work, not drag companies into it and facilitate wholesale slurping, or take things to the point that our devices by default LIE to us and by default report on or pass up the line any and every thing they see or are fed.

          Sigh...

          Back to Spooks (er, umm, MI-5, since the USA's history clashes with the term "spooks" being used in a broadcast program.... Sigh ) a quite brilliant, even if entertaining, show.

      2. Loyal Commenter Silver badge

        Re: One does not have to be on Zuck-book

        You may not be able to uninstall it, but you can probably disable it (assuming it's an Android phone)

  8. Buzzword

    iOS?

    "We saw a similar cycle last year over iOS read/write permissions"

    I can't find any more information on this. What's the app privacy situation on iOS?

    1. I ain't Spartacus Gold badge

      Re: iOS?

      iOS stuff asks for permissions as you use the feature. At least the stuff I've installed. And then there are permission lists scattered around the rather disorganised settings menu, where you can grant or remove permission for each app individually. It's then up to the dev what they want their app to do.

      Some simply stop, say they need the permission activated and don't do anything else. So you have to go back to settings and enable - weirdly this doesn't seem to happen via the app.

      I've just looked, and actually there's a privacy menu now, which covers most of it. Although I notice that in giving Google maps permisison to use location services (for satnav) it also gave itself a 'background app' permission I wasn't previously aware of. Hidden in another bit of the settings menu. So that it could access location services even when the app wasn't turned on. So I guess I've been updating Google on lots of stuff to help their mapping for the last couple of months since I used G maps for sat-nav. Cheeky fuckers. Or data-thieves, as they really are.

      Anyway, Apple is a bit of a mess, but mostly pretty good.

      1. I ain't Spartacus Gold badge

        Re: iOS?

        PS:

        I decided to have a look. Surprisingly enough Google Maps also asked for permission to use the microphone. Denied. Nothing has asked for Bluetooth or phots. Only Gmail wanted contacts, also denied.

        Location Services seems to be the biggie, that every app seems to want. I assume it's partly because of advertising. Here Apple are quite good, as even Apple's own apps have to ask for permission to use this. So I've allowed Apple maps, but not the camera or Safari, for example.

        Apple also have an advertising bit in the privacy settings. You can limit ad tracking (whatever that does) and manually re-set your advertising tracking ID.

        1. Simon Harris

          Re: iOS?

          ". Surprisingly enough Google Maps also asked for permission to use the microphone."

          Not so surprised by that - Google Maps can do speech based searches on Android so I'd expect the iOS version to offer it too.

      2. Anonymous Coward
        Anonymous Coward

        Re: iOS?

        I've had non-smart phones from 2005 that had the correct method of permissions, and that was in java (mobile version)!

        I guess someone got greedy along the way?

        1. Charles 9

          Re: iOS?

          I guess someone got greedy along the way?

          Yes, the developers. They wanted control as a prerequisite to developing the app at all. So it was basically "my way or the highway".

      3. fuzzie
        Thumb Up

        Re: iOS?

        That reminds me a lot of how Symbian managed permissions.

        The first time the app tried to do something requiring a specific capability, I'd get a pop-up describing the permission, typically very specific, it requires and the option to select "Never", "Once" or "Always". Plain and simple. Many apps work fine without mobile or Wi-fi network access. As a bonus developers get to write one app and gracefully degrade for parts that customers won't authorise. The Android model seems to favour monolithic apps and avoid cooperating applets/services. Maybe because of the limited tasking.

        *sigh* How things have improved :(

  9. James 51

    Why not just use the mobile version of the site?

    1. Lamont Cranston

      I think facebook design their mobile site

      to encourage users onto the app - it's hideous.

      1. I ain't Spartacus Gold badge
        Happy

        Re: I think facebook design their mobile site

        Lamont Cranston,

        You say that as if the non-mobile version of Facebook is any less hideous.

        As always I default to my standard belief in incompetence over conspiracy (or plan) every time...

  10. Wize

    I did complain to one app author successfully.

    They had permissions creep and wanted access to the microphone on an IR Remote Control app (to let you make voice commands to trigger the remote functions).

    After having words with them, they now do two versions, a basic and one with all the extra functions.

    I doubt that Facebook and Twitter (which also wants access to your SMS) will release a less intrusive app. And as a result, I am not updating them.

    If anyone knows a good and trustworthy apps that will access Facebook and Twitter without all the extra intrusive permissions, please let me know.

    I might even write my own.

  11. Alan Sharkey

    I got pissed off with the Android app, so I de-installed it and now just use the web interface. That does what I need - I'm not sure why one needs the app itself.

    1. Anonymous Coward
      Anonymous Coward

      Hmmmm....

      "I got pissed off with the Android app, so I de-installed it and now just use the web interface. That does what I need - I'm not sure why one needs the app itself."

      And you think the web browser doesn't have all the permissions the app wanted anyway !!!!

      1. This post has been deleted by its author

  12. Terry 6 Silver badge

    Permissions creep

    Too many apps seem to require lots of irrelevant permissions. Often arriving with updates ( so clearly they didn't need this in the previous version).

    My favourite ( moaned about elsewhere) is the blanket access to phone call details. Most of the recent trivial apps seem to need to know who I've been phoning.( So I only use these on a phoneless tablet, if at all).

    1. P. Lee

      Re: Permissions creep

      Indeed.

      Given that this is android, you could get google to auto-file facebook SMS in a particular folder and then allow access to just that IMAP folder.

      But that would defeat the purpose.

      BTW how do you stop FB accessing all your two-factor SMS' messages?

    2. stratofish

      Re: Permissions creep

      The blanket access to phone call details is especially common for games because when an app suddenly loses focus it needs to know how to handle it. If you receive a call midway through a game for example the apps sounds needs muting, the processing paused, etc. You need to be able to read the phones call state to do that and it is all bundled into one permission.

      1. Anonymous Coward
        Anonymous Coward

        Re: Permissions creep

        Sounds like poorly thought out design.

      2. Anonymous Coward
        Pint

        Re: Permissions creep

        Oh, and thanks for the explanation.

  13. davidp231
    Mushroom

    How long...

    ...before the app starts showing you adverts based on the content of your SMS messages? Yet another reason I'm glad I jumped ship to WP8 - I don't even need a facebook app.

    Nuke - simply because they're cool.

    1. Simon Harris
      Unhappy

      Re: How long...

      God! If they did that they might think I *like* seeing messages about PPI compensation and send me some more!

  14. Alan_Peery

    Could Facebook not use Android intents?

    The second point that Facebook makes about having to request all privileges is only true if the app is monolithic. It seems that some of the functions could be split out, optionally installed, and with each separately installed a separate list of privileges could be given.

    If they want a level of trust, they could even make these separate bits open source. An SMS-listener that matches only texts from a certain number and them communicates that a properly formatted two-factor authentication has arrived.

    1. Badvok

      Re: Could Facebook not use Android intents?

      Don't be so sensible, how would they gain access to all your SMS messages if they did it like this?

  15. wolfetone Silver badge

    That BlackBerry Z10 looks all the more appealing to security conscience Android users now, doesn't it?

  16. jason 7

    So is anyone wrting an App Control App?

    You know that lets you list all your apps and the stuff they want access to with a simple Y/N selector?

    1. Ian Yates

      Re: So is anyone wrting an App Control App?

      LBE Privacy Guard (amongst others), although 4.3 breaks it :-/

    2. mickey mouse the fith

      Re: So is anyone wrting an App Control App?

      Xprivacy gives you fine grained permission control, including obscure sub-permissions i.e. you could grant an app the read_phone_state permission, but deny or insert fake/randomised data for the read_imei sub-permission.

      App-ops has been re-enabled in Android 4.3 and above (including kitkat) over on xda. Google really should give up trying to hide the thing and just put it in developer options or something as its really rather good. Although its not as all encompassing as xprivacy, it does handle the main `problem` permissions.

      There is also a cut down version of lbe that works with Android 4.3+, I think its been ripped from a Chinese phone (the company that makes lbe seem to write custom versions for various Chinese handset makers). You need to hunt around to find it for download though.

  17. jason 7

    Either that or....

    ...we have a world "Just uninstall all the crap apps we don't really need/use' Day.

  18. Semtex451

    I'm sorry I thought FB was for tweens and teens, whom are happy to post their intimates 24/7 and, plainly, care not a jot about privacy.

  19. Anonymous Coward
    WTF?

    Lame excuse.

    Why not have the user TYPE the code in, like everyone else does.

    There is no need for Facebook to try and sneak this permission in under the excuse of user convenience.

    1. Charles 9

      Re: Lame excuse.

      For the same reason some people can't set clocks or remember passwords. It's just too hard for some people, and Facebook wants every customer it can (before someone else steals them). Think of it as catering to the lowest common IQ.

  20. Richard 22
    WTF?

    2 Factor Authentication?

    Can someone explain to me how 2 factor authentication is of _any_ use if the second factor of authentication is sent to the device you're logging in from?

    2 factor authentication relies on not only knowing a secret, but also having access to a distinct physical device which only you should have access to. If you're logging in from that device in the first place then it becomes useless as a distinct physical device - only the secret provides any security in this case. The fact that the facebook app then automatically reads the second factor kind of highlights how pointless this is. Better to disable 2FA on that device and therefore not require the READ_SMS permission.

    Unless I've missed something about how the 2FA works in this case (I've never used it for facebook).

    1. David Ireland

      Re: 2 Factor Authentication?

      When you loose your phone you can deactivate the SIM, thus preventing two factor auth, or you could also log into face book, and reset the two factor auth key. Of course, you have to be aware that someone else has access to your phone.

  21. Jason Bloomberg Silver badge
    FAIL

    The problem lies with Android

    Fair enough demanding Apps be less intrusive but Android needs to be able to stop Apps being intrusive while allowing them to do what the user wants. It's no good saying an App should do this or that if Android does not support it being done that way.

    If people want an App to do certain things, and that means having to ask for more permissions than that App needs, it's not really fair to blame the App developer; they are stuck between a rock and a hard place.

    Some App developers will take advantage of having permissions they do not need but Android is complicit in that; if Android did not allow that they could not do so. App developers may be taking advantage of the situation but Android is allowing being taken advantage of.

  22. OffBeatMammal

    it's not us, it's the evil Androids

    sadly with Facebook and their like benefitting from this shitty permissions model they're not going to put pressure on Google to improve the way it works.

    I had a ramble about this earlier this month when I noticed the permissions for Facebook getting steadily more invasive for no apparent benefit - http://post.offbeatmammal.com/2014/01/14/why-i-uninstalled-facebook-and-your-app-might-be-next/

  23. David 138

    I don't get why it needs to read SMS in two stage auth? User logs into new computer - Sends SMS - Facebook reads SMS? Then what? it just lets them in? surly they would have to type it in so that facebook knows its the real user?

  24. McFly

    Hello , only recently bought a 'decent' smart phone for uni , and noticed when I got a google play account that loads of apps say things like they can use your camera and look at txts. If I delete apps will that be enough to stop any of this?

  25. Ian Michael Gumby
    Black Helicopters

    If you believe FB, I've got a bridge to sell you...

    First,

    Try setting up a new FB account where they require you to enter a phone number to verify you're a real person. (Good reason to get a Burner.)

    Second... You are their product. They didn't have to do it the way they did. They could have had you enter it yourself.

    Think of this as evolution in progress. Those that have gained enough intelligence will ditch their FB accounts and walk away from it. Anyone who wants to get a hold of me, knows how to do it.

  26. Anonymous Coward
    Anonymous Coward

    If you've done nothing wrong, you've got nothing to hide.

  27. David Ireland

    I complained about a similar problem with the Ocado app. It wanted access to the phones camera, so it could read bar codes.

    The argument that all the permissions are required up front isn't valid: Multiple applications can co-operate, so you can install the additional apps to provide restricted access to resources. Only these apps have the required permissions. You can ask a user to install an extra app from within an app - this is how, for example various apps get you to buy a license for the premium version, in the app store. The experience is reasonable. You might say 'what's the difference?'. The gatekeeper apps can be very simple, and change rarely, so they should be much harder to attack than a large complex app.

    In this case, an app with no UI waits for text messages matching a particular pattern, and then forwards that message to the facebook app when it matches the pattern. Otherwise it does nothing. It accepts no incoming messages, and has no state.

  28. Anonymous Coward
    Anonymous Coward

    You Forgot Send Emails to Guests Wthout Owner's Knowledge +

    Hi, What about these two:

    1) Send emails to guests with out owners Knowledge (under add or modify calendar events.)

    2) Change Wi-Fi State.

    No app should send emails with out your consent. I agree that they may have the capability of utilizing your email app to construct an email, but NEVER send them with out your direct initiation. Given that normally - only clicking send triggers an email being sent... WHY would there be a need for this kind of permission - unless it was dubious.

    Why would an app be able to change your Wi-Fi state and turn it on? I would understand that it could prompt you to turn it on, but not actually do it.... (I mean maybe there could be a setting in FB to "Turn on Wi-Fi to accomplish tasks if it is not on." That kind of permission would be insane. Especially where Wi-Fi networks are detected but require web policy acceptance pages to be agreed to. This would drain your battery very quickly as repetitive actions fail with out an actual connect.

    I think both Android and Facebook need to get their crap together.

    These wording of setting these permissions are highly offensive and not unlike those medical commercials that list horrible side effects. Well this is what could happen, but hopefully it wont, but you could die, but ask your doctor if you can go on it.

    Well, we will suck your lists, monitor your conversations and calendar for ad placement, Track and broadcast your location at any given time and.., oh yeah... send emails out with out your consent... But it is free, cool, and you should use it.

  29. Hans 1

    Simple Solution: BB10

    cf title

  30. Eeep !

    Why aren't details published

    They give "Examples of what we use this permission for" but do not detail what they ACTUALLY use it for. Seems dodgy. Then when you go to ask for clarification of what it means you have to sign in to Facebook, as though non-subscribers are not allowed to ask questions - strange if there is nothing to hide.

    1. Charles 9

      Ask the developers.

      Remember the golden rule about Android App Permissions: they were built at the insistence of the developers because Android was late to the party and needed to convince app developers to port their apps from the Apple store. And once the genie was out of the bottle, there was no putting him back in. Remember, the developers could just go back to the Apple store.

  31. Avatar of They
    Mushroom

    This is old school.

    What the actual permissions asks is. (I still have a screenshot)

    Access to read SMS / MMS.

    It wants the abillty to modify, edit your calendar and "send to guests without owners knowledge", read calendar events plus confidential information, read your contact card.

    Connect and disconnect from wifi, Full network access

    The update before that wanted permission to use your mobile number.

    Come on Reg ask why the facebook scumbags need all that??? But the realist in me sees that and think it could if it wants to grab whatever it wants from your phone and then email whoever it wants using your tariff to do it and without your knowledge.

    Ironically I posted this all on facebook before Christmas, then uninstalled and disabled the app.

    The problem is after a while the app becomes outdated and then doesn't connect unless you update.

    When discussing with a friend who has an iphone he knew none of it, when checking his phone security it was set the same, only he wasn't told by the app store.

  32. patrick tyrus

    I already deleted it

    Facebook just keeps going down the wrong road.

    Bloatware. The app is huge

    Not in my control. I can't move it to the SD card (I don't need it active all the time)

    Its a battery hog (It tracks me when I am not in it)

    Its insecure. (see it tracking me above, but it accesses everything: SMS, phonebook, etc.)

    They try to say its secure by deleting people that shared info with me when I delete it, yet they get all my address book contacts without there permission.

    They try to say they protect privacy by not telling me who's near when I/they specifically checkin & share there location, yet they track a persons every movement, and frequently attach it to posts and messages without explicit permission at that time.

    (They try to get you to install another for page management, how about a basic facebook app, and not paper)

This topic is closed for new posts.

Other stories you might like