Facebook’s features creeped people out enough. One user went to download his data from Facebook and found call logs he had with his partner’s mom. It was then that we realized Facebook is using call logs, including duration and missed calls, and message history to sidestep asking for contacts permissions. Facebook had found a way to grab information on your friends without asking for it. In fact, Facebook made getting this permission without your knowledge a key priority.
In This Article:
How Permissions Work
Phone permissions are supposed to stop app developers from having unlimited access to the data on your phone. It’s what allows you to feel secure downloading an app like Facebook without worrying that they’re collecting all of your information. Permissions act like a layer between an app and your device and its data. So, when an app like Facebook wants to access contacts, it has to ask the operating system for them. If you have enabled the contacts permission for that app, it hands the requested data over, otherwise, it will not.
This system puts you in charge of the gates between your apps and your data. It forces apps to always ask you for permission for this data first, as all permissions are off by default. Once you enable one though, the app will have access until you shut it down. In some ways, an app developer could use permissions in a sneaky way, using data that you might not suspect they’re using.
How Facebook Dodged Permissions
This alert was intentionally difficult to read. Click to zoom.
We knew Facebook was storing call logs and messages from Android users for some time now. Though the permission dialog Facebook used to inform users (right) made the text difficult to read, we were able to confirm this immediately after users noticed the behavior.
However, we didn’t have information on the discussions that went on in Facebook regarding the matter. The British government released hundreds of emails and documents it seized as part of an investigation. The insight into the company’s inner workings and values has not made Facebook look good. As it turns out, Facebook knew the feature would not be popular. They not only decided to go forward with it anyway, but decided to use a method that would avoid a new permissions dialog. In doing so, they were able to keep from truly alerting users to their permissions grab with an Android-level popup.
The Lead Up
Dodge the Popup
What you ended up doing was helping Facebook build out shadow profiles, get phone numbers for Facebook users who didn’t list their own numbers, and help Facebook make connections through people who may not want to be connected at all.
People You May Know
Gizmodo has an interesting take on this problem. They were investigating a problem sex workers had reported. Despite using burner phones, pseudonyms, and alternative phone numbers, sex workers were getting friend requests from their clients. They were seeing their clients in their “People You May Know” section. How could Facebook have this information? If the sex worker had their real phone number as a contact on the burner phone, Facebook could have been able to grab up the information and collect their sex worker identity to their true identity. This lead to stalking from their clients, blackmail, and harassment.
Facebook doesn’t just make these connections. They also create their own nodes in their little web. If a person does not seem to have a profile, Facebook creates a “shadow profile.” This is a profile for a person who hasn’t signed up to Facebook yet, but the company knows they exist. They may have the person’s name, pseudonyms, nicknames, phone numbers, email address, physical addresses, photos, and more, all from the people they know. This is why you can’t escape Facebook’s data collection. Even if you’re not a user, Facebook has built an advertising profile on you. Even if you never sign up for Facebook, advertisers can use the service to track and target you with ads.
No matter what, Facebook knows you.
Android vs iOS
Turning off contact access in iOS is easy.
This is one of the many areas where iOS devices are more secure. If you choose not to share your contacts information with Facebook, they won’t have this information on you or your friends. But this is like crowd immunity. If some people don’t get the vaccination, anyone can get sick. Since Android users are uploading contact information and more unwittingly, Facebook has this information on you and your friends anyway.
If you use Android, you don’t have many options here. Facebook may have come preinstalled on your device and you may be unable to delete it. However, you can go into your apps page, select the Facebook and Messenger apps, and remove all updates. You can then disable the app, effectively uninstalling it. You can use. bookmark to view Facebook on your phone, but you’ll need to spoof your browser as a desktop browser to get Messenger on your device without downloading the app.
Facebook likely has your information anyway. Since there’s no legislation stopping these kind of large information grabs, there’s nothing you can really do. Facebook will get your information whether you have an account and the app or not. It’s Facebook’s world, we’re just living in it.
Sources: