Facebook’s Android App Has Been Stealing Your Contacts, Call Logs, and SMS Data for Years

BY

Published 25 Mar 2018

NSFW AI Why trust Greenbot

We maintain a strict editorial policy dedicated to factual accuracy, relevance, and impartiality. Our content is written and edited by top industry professionals with first-hand experience. The content undergoes thorough review by experienced editors to guarantee and adherence to the highest standards of reporting and publishing.

Disclosure

fb icon

Facebook recently came under the scanner for leaking data of millions of U.S. users via a third-party app that was used to game the U.S. election results. Now, making matters worse, many Facebook users with an Android phone are just now realizing that the company had kept a record of their call logs, including numbers, names, the call length, and even the SMSs they sent. 

This was first discovered by Dylan McKay who found that Facebook had about two years of his call logs with them. It is not a one-off case and if you are using the Facebook app on your Android device, chances are the social networking giant has collected similar data from you. Facebook indulged in this behavior primarily between 2015 to 2017. After this, a change in Android’s permission model forced Facebook to stop collecting this data from its users.

A Facebook spokesperson confirmed to Ars that it collects this data to give better friend recommendations to its users:

“The most important part of apps and services that help you make connections is to make it easy to find the people you want to connect with. So, the first time you sign in on your phone to a messaging or social app, it’s a widely used practice to begin by uploading your phone contacts.” – Facebook spokesperson in response to an email from Ars.

Up until Android 4.0 Ice Cream Sandwich, Google provided developers with access to one’s call log and SMS when an app requested access to their contacts. It was only with Jelly Bean that Google introduced a more granular permission model which required developers to ask for explicit permission when trying to access a user’s call logs or SMS. The company deprecated the older APIs in October 2017 which is why Facebook’s Android app has not been able to keep a record of a user’s call logs after that.

Facebook has always been accused of stealing one’s contacts and other personal data using its Android app without the explicit permission of the user thereby violating their privacy. If you value your privacy, you should probably consider uninstalling the official Facebook app from your Android device and instead switch to a third-party app.

[Via Ars]