I poated a topic earlier about how Twitter has sold two years worth of all your tweets to marketers and advertisers at your expense, but what interested some ONTDers more was the gross act of violation that was being committed by Facebook: The social media giant has recently admitted to being able to read your text messages.
You know that list of permissions you breeze by when downloading an app? The ones you likely don't read but that could contain all kinds of little things you might not want to put in the hands of say, Facebook? Yeah. You should probably be reading those, since Facebook permissions for its mobile app allows for it to read your text messages if they want to.
Over the weekend, The Sunday Times reported that Android and iPhone users are vulnerable to a new privacy flaw. Apparently, a number of popular smartphone apps, including Facebook, YouTube, Flickr, and others, can access private text message data or other personal information.
Companies are using free smartphone apps as ‘fronts’ to allow them to spy on users’ text messages, intercept calls and even track their location, it was claimed yesterday.
By accepting little-read terms and conditions when downloading apps, consumers give developers the right to harvest vast swathes of private information.
Facebook insists that people using its Android smartphone app agree to give them permission to read their text messages, although the internet giant said it had not yet taken advantage of this right.
Facebook states that the reason it asked for the permission to read text messagers in the first place was because Facebook is prepping to launch its own messaging service. While it’s likely that most people missed this detail, Facebook actually – and very simply – states in the Permissions tab of Android Market that by installing the app the user thereby grants Facebook access to read their text messages.
Facebook purports that it didn’t do anything wrong and dismissed the claims of spying on app users’ text messages as “creative conspiracy theorizing.” While Facebook may have a tight defense in the fact that they clearly stated in the Permissions that the app gives Facebook access to text messages stored on the phone, the company seems to be pushing back rather aggressively to the quasi-revelation. Facebook issued a statement to Business Insider explaining everything. It’s an interesting exercise in triangulation, so let’s take a piecemeal examination of Facebook’s defense and what is really wrong with it (the bits from Facebook’s statement are in italics).
There is no reading of user text messages.
Okay then, but what about that permission you stated on the Android Market?
On the Android App store, the Facebook app permissions include SMS read/write.
As evidenced above, we’ve already established this. Two sentences into the statement, though, Facebook’s already contradicted itself. Is it reading texts or is it not reading texts? Quandary abounds.
The reason it is on there is because we have done some testing (not with the general public) of products that require the SMS part of the phone to talk to the Facebook App. That’s what the read&write refers to – the line of communication needed to integrate the two things.
Hm. Well, okay, that makes sense, I suppose. “Not with the general public” is kind of cryptic, though.
Lots of communications apps use these permissions. Think of all those apps that act as replacements to the build-in sms software.
When are tech companies going to learn that when trying to argue away the possibility that they violated users’ privacy, don’t point to other companies that are doing the same thing and say, “Well they’re doing it, too, so what’s the problem?” For one, what other companies are doing may be wrong or cyberstalky and so aligning yourself with those companies might not be in the best public relations move. Second, even if what other companies are doing isn’t exactly wrong, do you really want to liken yourself to the lowest common denominator?
Third, it’s just a childish response, Seriously, who are your handlers, Facebook? Do you guys not read this stuff before you send it out?
That’s not necessarily what we’re working on. SMS can be used for carrier billing (where users opt to pay for things like apps through their phone bill). Again – that’s not to say we’re launching this. It’s just an example of why an app might use these permissions. (okay, so enough with the examples, how about the ACTUAL REASON then???) The Sunday Times leap to the conclusion that is was a messaging feature.
So Facebook wanted to study the messaging data of app users but the data is not going towards the launch of a messaging app from Facebook and, while the company could see where such information could be used toward launching such a messaging service, Facebook is confidently denying that they’re not working on a messaging app. Everybody clear on that?
Anyway – we have yet to make any such features available to the public. (so the Sunday Times is completely wrong when it says Facebook is reading people’s SMS. Wrong on the terminology, and wrong on the suggestion that it has been implemented).
Uh, what? Facebook says that the Times is completely wrong about the company reading people’s SMS, but then the second sentence of this same statement says “the Facebook app permissions include SMS read/write.” So does that mean while Facebook gave itself permission to read users’ texts, they didn’t actually take the opportunity to read those text messages? Facebook has unfettered and legal access to read all of the texts from Android users of the Facebook app, yet they didn’t read the the texts? We’re supposed to believe that?
But Facebook is right to insert this into the Android app permissions – because yes, the app technically has the capability to integrate with the phone’s SMS system – even if that is just for our own testing.
Even if it was for your own testing, Facebook, this still means you were reading the texts. Even if it meant you were only printing out the texts and printing them on rolls of customized toilet paper, it still means you were reading the texts that people had stored on their SIM card.
In a separate statement from their offices in the United Kingdom, Facebook reiterated their dismissal of the Times’ report.
“The Sunday Times has done some creative conspiracy theorising. The suggestion that we’re secretly reading people texts is ridiculous. Instead, the permission is clearly disclosed on the app page in the Android marketplace and is in anticipation of new features that enable users to integrate Facebook features with their reading and sending of texts.”
Now it sounds like Facebook is admitting that they’re reading people’s text messages, just not secretly – something that was understood all along.
Well, whatever excuse-juggling Facebook wants to offer up, two points remain salient in this frivolous exercise: One, Facebook has acquired access to Android app users’ text messages; two, Facebook can’t make up its mind as to why it wanted access to these texts nor whether or not they actually read them.
Clearly Facebook looks dumb here. It didn’t clarify that why its Android App asks for text message read/write permission when the feature (that they are talking about) isn’t available to general public at all. There is no information about the type of tests performed or what the potential consequences in the future. Notably, however, that neither the IOS and Windows Phone allows direct access to SMS, which makes many wonder what Facebook really are testing.
The latest privacy furore comes in the wake of the Path address book uploading and Google's browser security measure evasion.
Social media sites Flickr and Yahoo! are also alleged to read text messages via their apps, while apps from smaller companies allow them to extract private details about users’ lives. They can even remotely take images from users’ handset cameras and even dial their phone and intercept calls without them knowing.
Flickr and Yahoo! did not respond to calls from the Mail.
The Facebook app has been downloaded to Google’s Android smartphones more than 100million times, yet few of its users are thought to know that they have agreed to give Facebook the right ‘to read SMS messages stored on your device or SIM card’. Apps are also used to identify the location of users through global positioning software and access the phone numbers and email addresses of their contacts.
They can also be used to gain information about the app users’ web browsing history.
These details are often sold on to advertisers and market research companies, exposing those downloading the apps to unwanted advertising and spam messages.
Daniel Rosenfield, director of app company Sun Products, said selling on the information was far more lucrative than charging for the app. He said: ‘The revenue you get from selling your apps doesn’t touch the revenue you get from giving your apps away for free and just loading them with advertisements.’