It seems the PR team of internet security giant Kaspersky Lab got more than what it bargained for. Nine hour after it sent out an email saying that “buried within the latest update for Facebook’s Android app is a feature that is causing growing concern among some users”, they were sending out clarification emails saying they were “not the source of the news” that Facebook was reading your SMSes and “have only commented on the technical aspect”.
We will leave that call to you.
This is what the first mail, received on Monday, said: “Buried within the latest update for Facebook’s Android app is a feature that is causing growing concern among some users. In the App permissions menu, the site asks for access to ‘Read your text messages (SMS and MMS)’, and to ‘Add or modify calendar events and send email to guests without owners’ knowledge.’
According to Facebook’s official app permission page, an example of when Facebook requires access to text messages is when connecting phone numbers to an account. ‘If you add a phone number to your account,’ explained Facebook, ‘This allows us to confirm your phone number automatically by finding the confirmation code that we send via text message.‘”
The mail goes on to say that “the key… seems to lie in the word ‘automatically’”. “Surely the app doesn’t *need* to do this automatically. Facebook could simply prompt me to type in the code manually. Or, at the very least, provide this option. This may be a perfectly innocent feature. But in the light of growing concerns about online privacy, such an option would help to allay people’s fears.”
It quotes David Emm, Global Research & Analysis Team (GReAT), Principal Security Researcher, Kaspersky Lab as saying that it is good to see Facebook providing two-factor authentication. “It’s up to you, of course, to decide if you’re happy to allow Facebook to read your messages. As a final note, we’d urge people to carefully check the permissions requested by any app when you first install it.”
However, hours later, as the Internet was flooded with reports by bloggers, journalists and even mainstream news agencies with headlines like “Facebook wants to spy on Android phone users: Kaspersky”, the company was literally running for cover.
Soon the company sent out another email saying “On behalf of Kaspersky Lab, we would like to clarify that we are not the source of the news, but have only commented on the technical aspect. This email was sent out to media at large hoping that we will get queries & would respond to it accordingly. Kaspersky Lab would thus like to clarify their position and state that they are not holding Facebook responsible for this in any manner & are only commenting on the news that has already been published.”
Obviously, no one called back with queries on their story and just based reports on the PR mailer which seemed to put everything in black and white with no need for follow-ups. We are just wondering what Facebook thinks about the who episode.