Facebook, which is facing intense scrutiny from lawmakers and users in the US and UK after reports of data leaks, is now under scanner over its Android app. It has been reported that Facebook’s Android app is collecting phone call metadata, including names, numbers, and length of each call, according to a report in ArsTechnica. The company has written a post denying that it is illegally collecting user data. It appears that iOS users are not impacted by this problem on the Facebook app.
The report came to light when a New Zealand based user Dylan McKay posted on Twitter how Facebook was collecting nearly most all of his call record data, which included names, phone numbers and the duration of calls as well. McKay has posted an entire thread about the same on his Twitter page as well with details of the data that was collected by the Facebook app. According to report in ArsTechnica, other users have also reported a similar call-log data being collected by Facebook.
Facebook, however, has denied it is illegally collecting user data. A Facebook spokesperson also said that when the app is installed, a user generally given explicit permission to upload contacts, and that users can also delete the data from their profiles. Facebook has now written a detailed blogpost on the same topic as well denying the charges.
Check out the tweets below
So what is happening with the Facebook Android app? How is it accessing call log data?
It should be pointed out that Facebook Messenger has an option for making it the default SMS app on Android devices. This would mean Facebook Messenger becomes the de facto SMS app and gets access to user contacts and phone app data. However, as the report on ArsTechnica points out that permission is not granted to collect call log data for a number of years, which is what has been reported.
Facebook Messenger, now asks for user permission to access call logs and SMS on Android. However, this explicit permission feature on Android is still new, unlike iOS where users have always had the option of restricting access to some features for apps. On Android, the permissions feature was introduced with Marshmallow (Version 6.0) in 2015, and allowed users to restrict access for apps. Earlier with Android apps, users had to grant permission to all the features which the app wanted to access, irrespective of whether these were essential to the app or not.
As the ArsTechnica report, the Facebook app before Android 4.1 also got access to call and message logs by default and many apps can avoid the newer rules (where permission is explicitly needed) by writing the app to an earlier version of the Android API. The report also says that before 2016, Facebook never explicitly revealed that the call data was being collected, and the permission asking feature also came only in 2016.
What is Facebook saying about this Android app controversy
Facebook issued a statement denying that it was “logging people’s call and SMS (text) history without their permission.” According to the company, “Call and text history logging is part of an opt-in feature for people using Messenger or Facebook Lite on Android. This helps you find and stay connected with the people you care about, and provide you with a better experience across Facebook.”
Facebook in its defense says that people have to agree to use this feature when sign-in to the app and can turn it off in settings as well. It also claims “all previously shared call and text history shared via that app is deleted,” if the user turns off the feature. Facebook also claims that for users importing their contacts is fairly common for social apps. The company first introduced this feature on Messenger in 2015, and later on Facebook Lite app as well.
The social network also claims they have never sold this data and they do not collect the content of text messages or calls. “Your information is securely stored and we do not sell this information to third parties. You are always in control of the information you share with Facebook, ” says the company.