×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Facebook Denies Accessing Users' Text Messages

samzenpus posted more than 2 years ago | from the it-was-the-other-guys dept.

Facebook 130

quantr writes "Facebook is being accused of snooping on its users' text messages, but the social network says the accusations are inaccurate and misleading. The company is among a wide-ranging group of Web entities, including Flickr and YouTube, that are using smartphone apps to access text message data and other personal information, according to a Sunday Times report (behind a paywall). The newspaper said Facebook 'admitted' to reading users' text messages during a test of its own messaging service. The report also says information such as user location, contacts list, and browser history are often accessed and sometimes transmitted to third-party companies, including advertisers."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

130 comments

They better be careful (0)

Anonymous Coward | more than 2 years ago | (#39172283)

If the CIA doesn't get access to this data, Facebook might be viewed as competition.

>> The report also says information such as user location, contacts list, and browser history are often accessed and sometimes transmitted to third-party

Worst? (4, Informative)

SJHillman (1966756) | more than 2 years ago | (#39172291)

What's worse? The the fact that they have to deny these kind of accusations or the fact that they're probably lying?

Re:Worst? (5, Insightful)

Anonymous Coward | more than 2 years ago | (#39172395)

The fact that any old app can apparently access your contacts, text messages and browser history.

Re:Worst? (3, Insightful)

cpotoso (606303) | more than 2 years ago | (#39172491)

Mod parent up. It is really a very big design flaw (on purpose?) of ios and android. Should not be up to the apps to decide whether they can access private data.

Re:Worst? (5, Informative)

Enderandrew (866215) | more than 2 years ago | (#39172581)

With iOS, apps just simply have access to this data by default. With Android, for each app you have to specifically grant access to these things while installing the app.

Re:Worst? (2, Insightful)

Anonymous Coward | more than 2 years ago | (#39172655)

With Android, for each app you have to specifically grant access to these things while installing the app.

And that is the flaw. The right way of doing it is to let the user grant apps rights to individual resources, possibly temporarily.

Re:Worst? (4, Insightful)

evilRhino (638506) | more than 2 years ago | (#39172795)

Since android is open source, there are ROMs that actually add this functionality to the OS. It was available on Cyanogenmod 7.1.0, for example.

Re:Worst? (2)

Nirvelli (851945) | more than 2 years ago | (#39173635)

Yes, but most apps are written incorrectly (they don't ask for permissions in a try/catch block), so for example when I told my ROM not to let Facebook access my GPS, the Facebook app would simply crash on opening.
This will only really work if it's a standardized OS-wide feature.

Re:Worst? (3, Informative)

Calos (2281322) | more than 2 years ago | (#39173673)

Look for:
LBE Privacy Guard
Permissions Denied

Re:Worst? (1)

Nirvelli (851945) | more than 2 years ago | (#39173843)

Wow, I rescind my previous statement, LBE is basically exactly what I want. And it doesn't crash things. Thanks. This right here should be built-in functionality.

Re:Worst? (0)

Anonymous Coward | more than 2 years ago | (#39173977)

LBE requires a rooted phone, so is a non-starter for your normal, average user. For hobbyists, tinkerers, and (in the original usage) hackers like we have on Slashdot it seems like a pretty nice tool. But for my wife? My Dad? Nope.

Re:Worst? (2)

Calos (2281322) | more than 2 years ago | (#39175517)

Just be aware of the limitations of the model LBE uses. All root apps like it - including DroidWall, which I use as well - are by their very nature, leaky. If they crash and you don't realize it, they do nothing. If they fail to autostart and you don't realize it, they do nothing. In that small window between when Android boots and LBE/DroidWall autostart, they do nothing. The last case can be helped somewhat by startup managers.

PDroid [xda-developers.com] seeks to shore up those shortcomings, however, it is only available for some ROMs and phones as it makes changes to Android itself. It also only appears to be available on 2.3.x releases of Android. But the upside is that it is not leaky like root background apps, and doesn't crash apps like Cyanogenmod does.

Actually, thanks for reminding me to look this up again. I'd forgotten about it, but would love to get it on my phone...

Re:Worst? (1)

Anonymous Coward | more than 2 years ago | (#39174687)

It amuses me how your definition of "written incorrectly" means "not written for a blatantly non-standard use of the Android environment". In NORMAL Android development, the developer can explicitly assume that if permission was NOT granted, the program will simply not exist on the phone. That is how it's designed.

But, sorry that following the design is clearly "incorrect" by your cockamamie idealism. We'll try to anticipate the entire API being pulled out from under us next, because I'm sure you'll bitch about how clearly WRONG we all are because we didn't design Android apps to run on your Windows Phone 8 device.

Re:Worst? (0)

Anonymous Coward | more than 2 years ago | (#39176389)

Incorrectly? No.

It is by no means incorrect to assume that the permissions you requested have been granted because that is the normal behavior of the Android OS by design.

It would be a nightmare to rewrite my app (which is a relatively small project) to handle permission revoking gracefully (multiple code paths for fallback.). I can only imagine how much dev time it would take for bigger projects.

Nor would it provide that much of a benefit to the user.

It's much better practice IMO for the developer to honestly disclose the reasons for permissions required, and to duly consider the necessity of each permission requested.

Re:Worst? (1)

Avtar (413895) | more than 2 years ago | (#39173671)

It is in Cyanogenmod 7. In my experience, apps do not handle have permissions removed gracefully, and often crash. If you need to use an app there are times when there is no option but to grant access.

Re:Worst? (4, Insightful)

TheRaven64 (641858) | more than 2 years ago | (#39172875)

The problem is, with the stock android install unlike, for example, Symbian, you can't just say 'no, the app can't have this permission but install it anyway'. I was looking for an app to read QR codes a while ago. The first five I found on the market all required full access to my address book. WTF? I skipped installing them, but I'm sure that they'd have worked without this capability. The other big UI problem is that the apps don't say WHY they need these privileges.

Re:Worst? (0)

Anonymous Coward | more than 2 years ago | (#39173163)

I find the same thing with flashlight apps on my Blackberry. I simply do not understand the need for accessing Internet on my data plan for a simple app that, at most, would require access to my camera. I have yet to find one that works as advertised without any frills.

Re:Worst? (2)

Volvogga (867092) | more than 2 years ago | (#39173223)

The first five I found on the market all required full access to my address book. WTF? I skipped installing them, but I'm sure that they'd have worked without this capability. The other big UI problem is that the apps don't say WHY they need these privileges.

I'm not certain, but I think that some people are now putting QR codes onto their business cards that have their contact information embedded. I know one person that has a QR code that takes your phone to his website, but was thinking about trying to get the business card reprinted with his information in VCard format within the QR code instead. I'm guessing that was the reason for the address book permissions (to add to it, not to read it), and that if you had that application, you could add a contact instantly.

I agree on a need for reasoning why certain privileges are needed. Most of them are easy to figure out (if it is a free app, chances are it has ads... thus needing internet access), but a few of them are weird, like your QR code scanner issue there. Personally, whenever I run across a weird permission request, I look back to the description or change-log of the application. If the developer has documented why the permission is necessary in either of these locations, I feel fairly confident that they are trustworthy.

Re:Worst? (2)

Rob the Bold (788862) | more than 2 years ago | (#39173397)

The first five I found on the market all required full access to my address book. WTF? I skipped installing them, but I'm sure that they'd have worked without this capability. The other big UI problem is that the apps don't say WHY they need these privileges.

I'm not certain, but I think that some people are now putting QR codes onto their business cards that have their contact information embedded.

I have seen an actual instance of this: a local magazine publisher here prints his business card in the mags he publishes and it contains a QR code with his contact info. If an app could write to the contact list, it could add that information automatically.

But on the other hand, QR codes can be used for other data, too, so an app should be installable with or without this privilege.

But on the third hand, if an app can't to something that it promises, or it gives the user an error message stating that it doesn't have permission to do something, then the publisher is looking at a possible tech support request. A user could have forgotten that he denied access to contact list for this app, and then try to get help. The publisher is going to want to keep this to a minimum, since tech support requests eat up resources. So just not installing the application is a simple way to statistically reduce this cost. So while I don't like it, I can see at least one thing that motivates a publisher to take this route.

Re:Worst? (1)

Nemesisghost (1720424) | more than 2 years ago | (#39173225)

The other big UI problem is that the apps don't say WHY they need these privileges.

This is the biggest problem I have with the way the permissions are done. I can never tell why various apps require the different permission sets. I want to know why that game I installed needs my address book or the ability to make phone calls. What is it going to do? Call my friends & tell them I just passed the 2nd level?

Re:Worst? (1)

LoudNoiseElitist (1016584) | more than 2 years ago | (#39174261)

That game needs access to your dialer so that it can be paused whens someone calls you. I agree that the warning is misleading, and I believe it's something the Android developers are working on.

Re:Worst? (2)

Dishevel (1105119) | more than 2 years ago | (#39173305)

Why should you have that power.
If I write an app and to pay for it I put ads out you have the right to install it or not.
As long as it is made clear what I have access to, If you do not like it then do not install my app.
Being able to install my app in any way you want on a free app is not a "right" that you have.
You are really going to blame Android for telling you what an ap wants and asking if you really want the program?

How much are you paid to make Android seem the same as iOS here?

Re:Worst? (1)

truedfx (802492) | more than 2 years ago | (#39174675)

That's why plenty of free apps want network access. But how is access to the user's contacts required for displaying ads?

Re:Worst? (2)

Dishevel (1105119) | more than 2 years ago | (#39174797)

It is not.
Not that I know of.
The point I was making was that the programmer gets to determine what permissions he wants.
The user gets to determine if he wants to give that stuff up to have the app.
This is not only how it works but in reality it is exactly as it should work. The only times that you have problems are when a user screams "I did not read it!" or when a user screams "I want the stuff you made but I want it how I want it! Just give it to me anyway!".
In both of those cases I am ok with the user getting screwed.

Re:Worst? (1)

Dishevel (1105119) | more than 2 years ago | (#39173331)

Also the reason that a QR code reader may want full access to your contacts list is because most of them will read contact QR code. One click and full contact information for a person is added to you list.

Re:Worst? (0)

Anonymous Coward | more than 2 years ago | (#39172959)

With Android, for each app you have to specifically grant access to these things while installing the app.

Not really true, while you install the app it *tells* you what it's going to access - take it or leave it, without special measures like LBE Security you can't refuse an app any capabilities. And out-of-the-box that's not going to chance, 'cause people would simply refuse net access to any app that uses it only to access annoying ads.

Re:Worst? (1)

Enderandrew (866215) | more than 2 years ago | (#39173065)

You can however decide not to install the app if you don't want it to have access to whatever it is requesting.

Re:Worst? (1)

mlts (1038732) | more than 2 years ago | (#39173267)

I'd say LBE Privacy Guard + DroidWall make an excellent defense, something that can be said to tip the scales in favor for Android, assuming a clued user and a rooted phone.

iOS has/had Firewall IP, but not sure if that has been updated to keep up with the latest iOS 5 vagaries. It also requires a jailbreak, which can be daunting, come iOS 5.1 and forced upgrades on restores. So, unless one gets that working, the only way to tell that an app is slurping from the message logs is to have the phone on a wireless connection with a packet sniffer.

For a non-clued Android user, the best thing to do is read the permissions. If a fleshlight app is wanting full access to contacts, phone history, etc... find another one.

Re:Worst? (1)

ommerson (1485487) | more than 2 years ago | (#39173037)

In iOS, applications don't have a lot of access to personal data to start with - and certainly not to read SMS (although apps can send using an Apple sanction UI only). They do have access to the contents of the address book, but this is looks likely to change soon.

Re:Worst? (1)

Enderandrew (866215) | more than 2 years ago | (#39173101)

They have access to my photos, videos, calendar and contacts that I know of. I consider that a lot of personal data. But I don't know which apps have access to what on iOS, where as I can see that per app with Android.

Re:Worst? (1)

ommerson (1485487) | more than 2 years ago | (#39173357)

I think the point here is that whilst applications do indeed have access, this is often mediated through Apple's user-interface in each case - which I suspect you'll find is actually provided by another process within a different sandbox. This means that rogue applications are not hoovering up your data without user-interaction.

Re:Worst? (0)

Anonymous Coward | more than 2 years ago | (#39176095)

Or they just code it with:
if (date > 2 weeks from submission) transmit_private_user_data();

The Flashlight Tethering application got by and it - quite literally have to rewrite -your networking subsystem -- only had some obscure locations to press. It was only banned when news of how to access the tethering section became public.

Also, you also think that they care? How is blocking a application suppose to make them money, seeing as how greedy they are?

Also, most of what you said makes no sense? How is sucking up contact information have anything to do with a "user interface"? Why would information passed from a different sandbox help any when the information has crossed sandbox boundaries? You might as well go code a visual basic interface to track someones' IP.

Re:Worst? (1)

petsounds (593538) | more than 2 years ago | (#39175395)

That's changing in iOS 5.1 – users will have to explicitly allow address book access, just like they are prompted to do with GPS access today.

Re:Worst? (1)

Anonymous Coward | more than 2 years ago | (#39172587)

On android, it pops up a warning at install time. I'm sorry, but if you didn't know facebook app accesses that info, who's fault is that? It's very clear that it requires access to every bit of personal info on your phone, down to your inbox if I recall correctly. It's why I don't have facebook installed on my phone, and why I refuse to upgrade several apps, I don't feel they need that level of access, so I don't let them on my phone.

Re:Worst? (5, Informative)

Anonymous Coward | more than 2 years ago | (#39172669)

Many smartphones come with facebook pre-installed. I had to root my phone to uninstall it.

Re:Worst? (0)

Anonymous Coward | more than 2 years ago | (#39173571)

I couldnt agree more. I've been using android for ever and when I recieved an update for Facebook some 6 months or more ago which didnt auto update I did what I always do and check which new permissions they were trying to sneak in. Turns out they wanted access to almost EVERYTHING, so I simply didnt install the update. then later uninstalled the app and just used the webpage version of it.

People have to realise that they are not at the mercy of the App. What app is so must have that you are willing to give up all your privacy for? bear in ming that most apps are simply portals to the webpage version anyway, so just use the browser and skip all the fancy full integration if you dont like the permissions. Obviously for games thats not the case and you'll most often simply have to do without.

Re:Worst? (1)

L4t3r4lu5 (1216702) | more than 2 years ago | (#39173179)

1) Root phone.
2) Install granular permission control app.
3) Deny apps permissions you don't agree with.

Cyanogenmod 7.1 has granular app control built in, or you can use a 3rd party app like LBE Privacy Guard.

Don't use an Android device? Sorry, no advice for you. <trollface>I guess being able to control your device is important after all.</trollface>

Re:Worst? (1)

arisvega (1414195) | more than 2 years ago | (#39173515)

The report also says information such as user location, contacts list, and browser history are often accessed and sometimes transmitted to third-party companies, including advertisers.

That also caught my attention- location, contacts list and browser history, all to third-party advertisers: well, I think they are pushing it, and that people should either use a firewall (I'm no smart phone expert but I really hope there exists a firewall) or not install the app at all- can't one just access facebook from a smartphone's browser? Why would you need an app, especially if they spy on you in such a greedy and disrespectful way?

Re:Worst? (1)

Anonymous Coward | more than 2 years ago | (#39173595)

The fact that any old app can apparently access your contacts, text messages and browser history.

The Facebook app has a legitimate reason to read/write your contact data. It includes a feature that allows to to sync your contacts on your phone with your facebook contacts. It would be great, for example if it automatically updated the contact photos on my phone for my facebook friends using their profile picture on facebook. (I think Motoblur does this, for example.)

However, the way facebook implemented it was rather messed up. They didn't store the contacts with the regular contact data. So, if you uninstall the facebook app, those contacts disappear. In other words, Facebook wanted to import your contact data, but not allow you to export your facebook contact data to other apps on your phone. That is why Google removed Facebook's ability to do this on the Nexus S and plans to do it for future flagship phones as well.

See: http://www.androidguys.com/2011/02/23/google-drops-facebook-sync-nexus/

Re:Worst? (4, Interesting)

PopeRatzo (965947) | more than 2 years ago | (#39172735)

What's worse? The the fact that they have to deny these kind of accusations or the fact that they're probably lying?

You know when a corporation says "the accusations are inaccurate and misleading" that they are guilty as hell.

How hard is it to say, "No, we never, ever access private messages or contact information for any reason"?

It's like when a politician says, "To be perfectly honest..." Somebody needs to hit the crash cymbals whenever those words are spoken, to indicate ALERT! LIE COMING....

Re:Worst? (3, Funny)

SJHillman (1966756) | more than 2 years ago | (#39172811)

But then how would we hear the politicians over the constant crashing of cymbals? On the bright side, assassins would no longer need silencers.

Re:Worst? (-1)

Anonymous Coward | more than 2 years ago | (#39174805)

You know when a corporation says "the accusations are inaccurate and misleading" that they are guilty as hell.

No, you don't. You know that they are guilty as hell when actual, concrete evidence of their guilt is brought to light, and not one second before that.

In the meantime, anyone who claims to "know" that they're guilty is lying to themselves in order to justify their emotional investment in the predetermined conclusion that they chose because they want it to be true.

Why are people surprised? (5, Insightful)

mr1911 (1942298) | more than 2 years ago | (#39172325)

Facebook is a free service. Facebook users and their data are the commodity being sold to advertisers. The business model isn't a secret.

There are two ways to grow revenue with this model. 1) Sign up more users. 2) Invade deeper into the user data so the data sold to advertisers is more relevant and worth more.

Re:Why are people surprised? (0)

Anonymous Coward | more than 2 years ago | (#39172405)

Parent nailed it. Why is anyone still surprised? I would think this is public knowledge by now.

Re:Why are people surprised? (2)

TubeSteak (669689) | more than 2 years ago | (#39172413)

People are surprised because they only expect the government to invade their privacy,
not publicly traded corporations exceeding their authorized access.

Re:Why are people surprised? (2)

stanlyb (1839382) | more than 2 years ago | (#39172485)

Actually, that is what is happening right now, the government is accessing all the "public" information.

Re:Why are people surprised? (1)

TallDarkMan (1073350) | more than 2 years ago | (#39176091)

People are surprised because they only expect the government to invade their privacy

I tend to disagree. Most people I run across look at you funny when you present the idea that the government is invading their privacy. In fact, most will deny it outright and argue that "the people" would never let anything like that happen (even though, it's already happening, and worse!)

You have a nation of consumers, which means they all think in terms of "who can I go to when [whatever] doesn't work, is broken, is causing me inconvenience, etc. and when they find the company they're dealing with is doing questionable things, they think the government will be the one to correct the situation.

Isn't that a great way to divert attention and control the sheeple?

They deny it so its secret (0)

Anonymous Coward | more than 2 years ago | (#39172425)

Then why the denial? I don't believe anyone thought for a second that Facebook grabbed their location data, or worse, their contact lists and browser history.

Browser history? Thats surveillance. Just because Facebook can steal data (by deception or by lies its the same) and profit from selling it, doesn't make it any less bad.

Contact list? Did the people you contact agree to letting Facebook have their number? I don't think they did! Free or not they're not above the law.

Re:Why are people surprised? (3, Insightful)

scorp1us (235526) | more than 2 years ago | (#39172441)

Because there is the idea that what you enter into one app on your phone is not available to another app.
If I accept the "terms of use" for facebook, I do not also consent to having them go through my text messages.
When I turn off location services for facebook I do not expect them to still access my location.

Re:Why are people surprised? (1)

nahdude812 (88157) | more than 2 years ago | (#39173017)

Because there is the idea that what you enter into one app on your phone is not available to another app.

And that is in fact the default operating method for both major smartphone platforms. But there's value in being able to share certain kinds of data between apps. For example, if you want to write a better SMS client, that task is pretty much impossible if the user has to recreate their entire contact list and loses all their existing SMS history. That's why (on Android at least) the app has to request permission for that access. Unfortunately your only choices are to grant every permission the app requests, or not install the app at all. So if Facebook asks for access to your SMS history, your choices are only to grant it or lose access to the reason most people have smartphones to begin with - broadcasting more detail about their life than anyone but them cares about.

If I accept the "terms of use" for facebook, I do not also consent to having them go through my text messages.

Have you read their terms? If you accepted them, you're giving them a lot more access than that.

Re:Why are people surprised? (5, Insightful)

Culture20 (968837) | more than 2 years ago | (#39172475)

People are surprised because this is a cell phone app reading data that is irrelevant to the app's function. It would be like if Google had a picture editing program that sent google a snapshot of your entire filesystem directory listings. Surprising.

Re:Why are people surprised? (1)

Rob the Bold (788862) | more than 2 years ago | (#39174351)

Facebook is a free service. Facebook users and their data are the commodity being sold to advertisers. The business model isn't a secret.

It's not really free. It's just harder to quantify what value you've exchanged for the service. Facebook certainly turns data into money.

Evil? (0)

Anonymous Coward | more than 2 years ago | (#39172345)

See! Google isn't evil.

Smartphones (3, Insightful)

ciderbrew (1860166) | more than 2 years ago | (#39172377)

I wish I didn't install their app on my HTC ages ago. It's off now; but it did get the contact data from the phone! I only use the browser for FB now and no way am I installing that Malware again. - Events details locked in FB are a pain.

is that allowed on mobile APIs? (1)

Anonymous Coward | more than 2 years ago | (#39172411)

I've never programmed for mobile phones before, so I'm ignorant, but are the phone's SMS messages even available in the APIs given to mobile developers to use for creating 3rd party apps? Even if it is available in the API, surely the phone OS would pop up a warning and force you to confirm approval.

I was skeptical when I read this story for that reason.

Re:is that allowed on mobile APIs? (3, Interesting)

colfer (619105) | more than 2 years ago | (#39172477)

Android phones in the U.S. come with apps that cannot be deleted, depending on the service. Typically: Facebook, Twitter. You can choose to decline updates, but you cannot remove the app. Look at the comments on this app: https://market.android.com/details?id=com.virginmobileusa.vmlive&hl=en [android.com] Of them 90% are along the lines of this one: "This program is garbage I wish I could get this crap off my phone."

Re:is that allowed on mobile APIs? (0)

Anonymous Coward | more than 2 years ago | (#39172621)

Android phones in the U.S. come with apps that cannot be deleted, depending on the service. Typically: Facebook, Twitter. You can choose to decline updates, but you cannot remove the app. Look at the comments on this app: https://market.android.com/details?id=com.virginmobileusa.vmlive&hl=en [android.com] Of them 90% are along the lines of this one: "This program is garbage I wish I could get this crap off my phone."

root + titanium backup deletes everything...

Re:is that allowed on mobile APIs? (3, Informative)

Enderandrew (866215) | more than 2 years ago | (#39172683)

Android doesn't do this. Certain carriers push out custom versions of Android where a small handful of the shovel-ware apps can't be deleted. But Facebook and Twitter can be deleted on all the major carriers (Sprint, AT&T, T-Mobile, Verizon).

However, you can always root your phone if you really want to delete these shovel-ware apps.

Re:is that allowed on mobile APIs? (2, Informative)

wannabgeek (323414) | more than 2 years ago | (#39173149)

Google's stock Android doesn't let you uninstall Facebook, Twitter, Amazon MP3 and even Google Books. I'm talking Ginger Bread on Nexus One - so it's not imposed by any carrier. It gets into some weird situations as well - since I'm in India and currently Google Books is not available for India, it won't let me install any updates, but it still shows me update notifications, and would not let me uninstall the app. It sucks, especially since app storage is really small and precious on these old phones.

Re:is that allowed on mobile APIs? (1)

pongo000 (97357) | more than 2 years ago | (#39173401)

Android doesn't do this. Certain carriers push out custom versions of Android where a small handful of the shovel-ware apps can't be deleted. But Facebook and Twitter can be deleted on all the major carriers (Sprint, AT&T, T-Mobile, Verizon).

Not true on AT&T. Just tried it on my SGS2, Facebook is still there.

This is not insightful - it is factual wrong! (0)

Anonymous Coward | more than 2 years ago | (#39173505)

See other replies here, unfortunately only the wrong claim from the Google apologist is modded up as this is Slashdot and we still cling to the idea that Google are better than others, especially Facebook.

Re:is that allowed on mobile APIs? (0)

Anonymous Coward | more than 2 years ago | (#39173769)

Wrong you can't uninstall Facebook on Verizon. Nor the Amazon MP3 app, or anything Verizon puts on their phones. Of course you can root your phone and uninstall anything at that point but that voids the warranty.

Re:is that allowed on mobile APIs? (1)

evilRhino (638506) | more than 2 years ago | (#39172863)

Almost every Android phone also has the ability to install a custom ROM that does not include any extra apps, including the google ones.

Otherwise people shouldn't be surprised by this... (1)

Anonymous Coward | more than 2 years ago | (#39172433)

I kind of expect such behavior by big internet companies like Facebook, Google, Microsoft, Zynga, etc.

We've all read the line "If You're Not Paying for It; You're the Product" and it's true.

It's just a shame that these comapnies don't tell/warn/notice the users clearly before they sign up and while they are using their services about what's going on behind the people's backs.

There should be something along the lines of...

"Dear Sindy, the reason why that third-party company is sending you advertisment about hepres treatment products might be, because we found out about it during your messaging with Jenny and we thought that we should sell your information, which you would probably want to remain private, to the company paying us the most, which is specialised in treating herpes. It's a win-win situation for both of us. Best regards, your Facebook-Privacy-Team"

Well yeah. (4, Interesting)

TheSpoom (715771) | more than 2 years ago | (#39172449)

I stopped using and uninstalled the Facebook Android app when I saw that it was turning on my phone's GPS as soon as I opened it. Sorry, but there's no legitimate reason for the GPS to be on all the time in this app's context.

Oh well (2)

slasho81 (455509) | more than 2 years ago | (#39172499)

Just add this complaint along with any other complaint you have regarding Facebook over here [wikipedia.org]. This makes ignoring Facebook issues much more efficient.

at least with CM7 (0)

Anonymous Coward | more than 2 years ago | (#39172535)

I can restrict facebooks' acess to my message. restricting the gps causes the app to crash though.

Why aren't the apps properly sand-boxed? (5, Insightful)

scorp1us (235526) | more than 2 years ago | (#39172559)

I think I should be able to go in and modify any app's permissions after the fact. The "accept permissions" button should only set those requested permissions as default, then I should have an app that can revoke them. Currently the app developer gets all the power because people don't know what the permissions tie to and how they actually get used/abused. Such an ability would make app authors think twice...

Re:Why aren't the apps properly sand-boxed? (0)

Anonymous Coward | more than 2 years ago | (#39172821)

  • Root your Android
  • Get Gemini App Manager [android.com] (Or something else that can change auto run permissions per event)
  • Get Permissions [android.com] to actually change permissions.
  • Watch the apps crash since not obtaining the permissions is a fatal error.

Re:Why aren't the apps properly sand-boxed? (1)

Anonymous Coward | more than 2 years ago | (#39172915)

Or just use PDroid [android.com], you can restrict permissions easily and apps WONT crash...

Re:Why aren't the apps properly sand-boxed? (1)

downhole (831621) | more than 2 years ago | (#39176687)

Cyanogenmod lets you do exactly that. I'm running it on my HTC Thunderbolt, and as soon as I read this, I went in, saw that the Facebook app does indeed request full SMS permissions (read, write, send, and receive), and turned them all off. The app hasn't complained so far. Still, it would be nice if it was an OS default option instead of requiring that you install a third-party ROM, which isn't possible on a lot of phones and will break other things on many of them.

NHave you seen the permissions? (2)

Drakin020 (980931) | more than 2 years ago | (#39172623)

Have you seen the permissions the Facebook App has on the HTC Rezound? (And I'm sure on other phones.) Oh BTW you cant actually remove the FB App from this phone unless you root it.

This is exactly what it says on my phone...

Permissions: This application can access the following on your phone.

- Your personal information
Read contact data, write contact data

-Services that cost you money
Send SMS Messages

-Your messages
Edit SMS or MMS, read SMS or MMS, receive SMS

-Your location
fine(GPS) location

-Network communication
full Internet access

-Your accounts
act as an account authenticator, manage the accouns list

-Storage
modify/delete SD card contents

-Phone calls
read phone state and identity

-System Tools
prevent phone from sleeping, write sync settings

Re:NHave you seen the permissions? (0)

Anonymous Coward | more than 2 years ago | (#39172841)

>Oh BTW you cant actually remove the FB App from this phone unless you root it.
I think my brain just threw up.

What an untrustworthy pile of shit device.

Re:NHave you seen the permissions? (0)

Anonymous Coward | more than 2 years ago | (#39173677)

Anything you can't uninstall with the same permissions you needed for install should be by definition Malware. Ditto if the same user-level can't disable it.

This is a rootkit. It might not technically have root, but it functionally does by having privilages superior to the installer.

Re:NHave you seen the permissions? (1)

robmv (855035) | more than 2 years ago | (#39174669)

Hopefully the update to Android 4.0 is not delayed too much for that phone. With 4.0 you can disable entirely an application, even base applications and those added to the ROM by the manufacturer

One browser per evil mega-corporation (1)

colfer (619105) | more than 2 years ago | (#39172633)

As long as the # of decent browsers surpasses the # of evil mega-corporation web services I want to use I guess I have some privacy. Fifteen years ago there were two browsers and both were broken, either by crashes or security. Now we're in a golden age of good browsers. The only way the evil megas can break browser separation would be by IP, which is fuzzy, or by Flash cookies, which I hope are not shared across browser. (Or by behavioral analysis, also fuzzy.)

Mozilla even has two browsers you can install with the profiles automatically separate and runnable simultaneously: FF and Seamonkey. Same should be true of Chrome and Chromium. Opera is fast, Safari is special, IE is ok these days.

My personal information is intellectual property (0)

Anonymous Coward | more than 2 years ago | (#39172639)

Facebook is committing a copyright violation.

Re:My personal information is intellectual propert (0)

Anonymous Coward | more than 2 years ago | (#39173063)

Read the Terms of Service. When you signed up you licensed your intellectual property to Facebook.

The real problem (2)

A beautiful mind (821714) | more than 2 years ago | (#39172741)

The real problem is that common applications request almost all of the permissions from the phone when the user installs them, to provide full functionality (importing contacts, etc.). The user's choice is between not installing the app and giving it those permissions.

What should be happening instead is: make the permissions user selectable, to be able to install the facebook app, but to prevent it from accessing anything I don't want. The app store / market rules should mandate that applications cope with the degradation of priviledges gracefully. The OS/app should display a popup when the user tries to do something that requires priviledges the app doesn't have, along the lines of "do you want to grant permission x to this application? [just this once] / [yes] / [no] / [don't ask again]"

Re:The real problem (1)

compgenius3 (726265) | more than 2 years ago | (#39173091)

Alternatively, the core Android APIs should provide a null data set when the app hasn't been granted permissions to a particular resource, and normal rules of error checking your data apply. I've written a few Android apps and can easily see how the Android permission system is broken. For example, when verifying an app purchase with the Google Market API, Google suggests using some unique identifier to encrypt the data store:

[...] the Policy must always obfuscate the data before storing it, using a key that is unique for the application and device. Obfuscating using a key that is both application-specific and device-specific is critical, because it prevents the obfuscated data from being shared among applications and devices.

However, in order to get a truly device-specific identifier requires extra permissions:

Note that, depending on the APIs you use, your application might need to request additional permissions in order to acquire device-specific information. For example, to query the TelephonyManager to obtain the device IMEI or related data, the application will also need to request the android.permission.READ_PHONE_STATE permission in its manifest. Before requesting new permissions for the sole purpose of acquiring device-specific information for use in your Obfuscator, consider how doing so might affect your application or its filtering on Android Market (since some permissions can cause the SDK build tools to add the associated ).

So it's easy to see how permissions can be declared for something innocuous but used for something nefarious.

Murdoch's not so bad (1, Interesting)

Comboman (895500) | more than 2 years ago | (#39172807)

This Sunday Times article is just the latest in a string of Rupert Murdoch media outlets (mostly the Wall Street Journal) posting exaggerated and questionably-researched stories about "hacking scandals" at large internet companies like Facebook, Google, Microsoft, etc. The strategy seems to be to distract the public from real hacking scandals at News of the World and other Murdoch owned properties and make it appear that hacking is a normal activity for successful companies. What, you thought that scandal was old news? More details [guardian.co.uk] continue to get out [dailymail.co.uk] (despite Murdoch's attempts to cover it up [wsj.com]).

Something Related (1)

anand78 (832850) | more than 2 years ago | (#39172917)

In my trip to India last month, I was using a crappy phone to surf the Internet. I thought google used SSL or some obfuscation but I was surprised when I started getting emails from Indian sites.The problem is not just limited to Apps but on a broader scale ISP's snoop on you.

I have a simple solution. (0)

GNUALMAFUERTE (697061) | more than 2 years ago | (#39172933)

Don't use facebook. I've never had facebook, or orkut, or twitter, or any of that crap.

I use the internet in just about the same way I used it when I was a kid, except now I use SSH instead of Telnet, and SCP instead of FTP. I use the web to retrieve information, as was its original purpose, and of course as a replacement for USENET. Why people find the need to use all of this new crappy services offered over the web? Why do they find the need to register to every new stupid service they find? Now most of the web requires some stupid registration. Fuck, every stupid blog or forum requires registration to view download links! I use bugmenot.

If you enjoy your privacy, LOG THE FUCK OUT. You don't need it to begin with. It ain't that fucking difficult, why do we keep having this conversation every other day?

Re:I have a simple solution. (0)

Anonymous Coward | more than 2 years ago | (#39173077)

Because people seem to think they'll miss some important event happening, when reality is all they'd likely ever miss is juicy tidbits about what their acquaintance they aren't really close to is having for lunch today or how their digital timesink farm is doing.

But then again getting off facebook and emailing them asking for them to directly send every mundane update about their lives would just seem weird.

Facebook denies ... (2)

golodh (893453) | more than 2 years ago | (#39173247)

When I read "Facebook denies [...]" I thought "Well, that makes it official then. Lets see what it is that they are denying."

"Never believe anything until it has been officially denied" (the right hon. J. Hacker.)

How much I may hate Facebook... (2)

vikingpower (768921) | more than 2 years ago | (#39173277)

( and I do ! ), this is simply below all levels of verifiability. "Is being accused of...", "...denies....", "...according to...( behind paywall ).... ". And then the same Sunday Times article suddenly becomes a "report". C'mon. Show us facts, bare, hard, naked facts. Not allegations. Slow news day, Slashdot ?

Re:How much I may hate Facebook... (0)

Anonymous Coward | more than 2 years ago | (#39173437)

Slow news day, Slashdot ?

aka every day on Slashdot

I got rid of my smartphone (0)

Nyder (754090) | more than 2 years ago | (#39173599)

The problem is the smartphone. What you have is a little computer, holding lots of your data, that has wifi, 3G, 4G, LTE, LSD, and of course, 2G. It's a walking smorgasbord of personal data about you.

And what do you do with it? You download app after app, to make it so you can do stuff easier, while letting these "apps" have access to your data. Your personal data. Sure, the corporations, who makes their money off your personal data, are going to say they aren't "reading" your text messages, your email, or any other data they can get access to on your smartphone?

Are you people stupid or just blind?

I got rid of my smartphone. got me a cheap cellphone to do what a cellphone is best for. making phone calls on the go.

Truth is, smartphone is for dumb people. think on that.

BlackBerry not affect? (1)

acoustix (123925) | more than 2 years ago | (#39173669)

I just checked the permissions of the Facebook app on my BlackBerry (9930 running 7.1) and it does not give the FB app access to any of my messages.

Not too shabby for a supposedly dead platform.

Why dont just use Twitter (0)

Anonymous Coward | more than 2 years ago | (#39174353)

Facebook always make something that does not seem quite right. I only use it for educational purpose
http://radeocore.blogspot.com/

Facebook: gone! (1)

DogDude (805747) | more than 2 years ago | (#39174551)

I didn't even think about this when I installed Facebook's app onto my Windows Phone. It's really just as easy to just use the regular web version.

The Government App (0)

Anonymous Coward | more than 2 years ago | (#39174993)

Why didn't the government make "The Government App" and have it pre-installed on all phones? Would have made warrantless wiretaps much easier.

users get what they deserve seriously (1)

dell623 (2021586) | more than 2 years ago | (#39175527)

Apple considers their users too stupid to know such important details like whether an app can access all your data. Android pops up a nice dialog - when I thought I'll try out the Facebook app, it said it can access my contacts, sms messages and pretty much everything. I said fuck no, and never installed the app. Also the reports from friends with iPhones that as soon as you install the facebook app the first thing it does is to upload all the phone numbers from your contact list to facebook. People who did install the app have themselves to blame. And yes I am aware Google has access to all this info. I have reason to trust Google more, if just for the reason that every time Google accesses your info, you get told that it is about to do so. Google have always been a million times more transparent about what they do with personal info even if they are far from perfect.

PS: I just compared Google+ and Facebook apps on Android. Google+ does not require access to SMS messages, whereas facebook can do pretty much anything. They can both read phone state, including which number you are calling, however it seems they cannot read the call log, which is a bit more important. Still a bit worrying, but as I said before, Google could do this anyway and I trust Google more than Facebook.

Re:users get what they deserve seriously (1)

petteyg359 (1847514) | more than 2 years ago | (#39176717)

CyanogenMod adds this nice feature where you can selectively disable permissions. Facebook does not have access to my messages.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...