Facebook Accused of Reading Text Messages via App

A recent article is heating up the privacy issue with apps again, this time focusing on text message reading via Facebook's app.

A report from the London Sunday Times (paywall) claims that the Facebook mobile app for Android and iOS is accessing personal text messages residing on smartphones. The social website reportedly isn't denying its actions, saying that the data collection is part of a trial to launch its own messaging service. Even more, when the service actually goes live, users will be prompted to give permission.

"The permission is clearly disclosed on the app page in the Android marketplace and is in anticipation of new features that enable users to integrate Facebook features with their texts," a spokesman for Facebook said in a statement. "However, other than some very limited testing, we haven't launched anything yet so we're not using the permission."

The overall theme of the article reveals that companies like Facebook and Yahoo are accessing personal information -- including text messages and contact lists -- and intercepting phone calls without the user's knowledge. YouTube can reportedly remotely access and operate the users' smartphone camera to take pictures or videos at any given time. Even more, merely downloading basic apps can leave consumers vulnerable to a plethora of spam and invasive advertising.

But this is mostly nothing new. The problem, according to the paper, is that these features are clearly labeled in the terms and conditions -- something 70-percent of smartphone and tablet users rarely or don't even read because they're overly complicated and lengthy. Most of us generally give the app the green light when its flashes a list of permissions before installing without even reading what it will actually access.

As for Facebook's app, the permissions clearly state that it will read SMS or MMS messages, saying that permission "allows application to read SMS messages stored on your device or SIM card. Malicious applications may read your confidential messages." The app will also write to SMS messages stored on the device or SIM card, and receive and process SMS messages. Other permissions include reading contact data, writing contact data, determine the phone number and serial number of the phone, access the GPS and more.

Despite the listed permissions, Facebook told ZDNet that the Sunday Times paper was wrong, that there's no actual reading of user text messages. "Facebook said that lots of communications apps use these permissions, and the application technically has the capability to integrate with the phone’s SMS system, but added that it is for testing purposes," the report states.

According to a list of app permissions, Flickr has access to location data, text messages, contacts, who the user is calling, and the camera. Both Angry Birds and Shazam have access to location data and who the user is calling, whereas Netflix only keeps tabs on the user's internet history.

Out of fourteen listed apps, Netflix and Ancestry are the only two that don't keep tabs on who the user is calling, and only four don't collect location data. Four apps have direct access to the camera including dating site Badoo, Ancestry and My Fitness Pal. My Remote Lock will actually intercept a phone call.

You need to be logged to post a comment

There are 25 Comments.

Top Comments

22

GenericUser , February 28, 2012 2:27 AM

Just another "we're not REALLY doing what it looks like, we just have those features in there for no good reason on accident" case. "Testing" purposes? If you don't have plans to explicitly use those services on the phone, don't request those permissions.
17

fancarolina , February 28, 2012 2:34 AM

Some explain to me why Android and iOS don't give users a choice about permissions. Simply telling me what the application wants isn't enough. I should have a choice if I want to allow each item or not. If the app doesn't run right for my permission choices then I will know it. Then I can choose what to enable to make it work or not depending on what I want to allow.
11

Crush3d , February 28, 2012 2:29 AM

Companies want to see how far they can go before users have had enough and take a stand.

Good thing the government is looking out for the people and protecting their privacy and best interest. Not.

Other Comments

-1

the_krasno , February 28, 2012 2:19 AM

Oh come on! People who care about their privacy will have to lock themselves out of the internet at this rate!
22

GenericUser , February 28, 2012 2:27 AM

Just another "we're not REALLY doing what it looks like, we just have those features in there for no good reason on accident" case. "Testing" purposes? If you don't have plans to explicitly use those services on the phone, don't request those permissions.
11

Crush3d , February 28, 2012 2:29 AM

Companies want to see how far they can go before users have had enough and take a stand.

Good thing the government is looking out for the people and protecting their privacy and best interest. Not.
17

fancarolina , February 28, 2012 2:34 AM

Some explain to me why Android and iOS don't give users a choice about permissions. Simply telling me what the application wants isn't enough. I should have a choice if I want to allow each item or not. If the app doesn't run right for my permission choices then I will know it. Then I can choose what to enable to make it work or not depending on what I want to allow.
8

fancarolina , February 28, 2012 2:35 AM

FancarolinaSome explain to me why Android and iOS don't give users a choice about permissions. Simply telling me what the application wants isn't enough. I should have a choice if I want to allow each item or not. If the app doesn't run right for my permission choices then I will know it. Then I can choose what to enable to make it work or not depending on what I want to allow.

Someone.

Furthermore why is there still no edit function on this site!
5

jaber2 , February 28, 2012 2:53 AM

My wife typed "wedding" on msg, she got bombarded with wedding adds for few days, if only she did a search on google, she would have noticed same when ever she visited any site with adds.
8

the real mr b , February 28, 2012 3:05 AM

The simple equation : More_Spying = More_Revenues clearly demonstrates that it will only get worse.
-2

warezme , February 28, 2012 3:41 AM

I'm not a technophobe but I have no apps on my phone that didn't come with the device and most of those I have disabled or removed. I have no Twitter or Facebook account and don't care to have one. Even though I am an IT pro and maybe because of it, work in the business, know what it is about and I am really into some very high end stuff most people don't even know exist. People that understand the business don't use most of the social stuff out there and if they do, they do it on PC's that are armored against attacks behind firewalls and filtering systems. If you are going to be nonchalant and flippant about what you install and use on the internet and your phone, be prepared for the consequences and don't bother to complain about it.
2

A Bad Day , February 28, 2012 3:47 AM

"Sir, the vast majority of our customers have around 8th grade reading level."

"Good. Give them lawyer-grade reading level material. If they don't understand, they'll accept it."
6

anonymous@guest , February 28, 2012 3:50 AM

It should be illegal for a company to bury terms behind a bunch of legal jargon designed to protect themselves. Furthermore it should be illegal for them to set a fixed window size for the display of said terms. Many EULA's are 15+ pages long, sitting inside a tiny windows displaying no more than 4 lines of text which is non-resizeable. On top of that, they print 5+ paragraph in a row in all caps making it impossible to read. They are clearly purposely making it difficult to read. All of the statutes an EULA grants should be spelled out plainly above, and then all of the legal technicalities can be listed below. Right now they just randomly throw it all in there together.
6

thehelix , February 28, 2012 4:12 AM

FancarolinaSome explain to me why Android and iOS don't give users a choice about permissions. Simply telling me what the application wants isn't enough. I should have a choice if I want to allow each item or not. If the app doesn't run right for my permission choices then I will know it. Then I can choose what to enable to make it work or not depending on what I want to allow.

As much as people want to bash RIM, i can do all those things on my 3yo blackberry.
1

nebun , February 28, 2012 4:22 AM

why am I not surprised?....this is too funny
0

Marco925 , February 28, 2012 4:23 AM

If you have the facebook app and a facebook account, you've already sold your soul. there's nothing more they can possibly know about you.
0

kyuuketsuki , February 28, 2012 6:53 AM

loleulaIt should be illegal for a company to bury terms behind a bunch of legal jargon designed to protect themselves. Furthermore it should be illegal for them to set a fixed window size for the display of said terms. Many EULA's are 15+ pages long, sitting inside a tiny windows displaying no more than 4 lines of text which is non-resizeable. On top of that, they print 5+ paragraph in a row in all caps making it impossible to read. They are clearly purposely making it difficult to read. All of the statutes an EULA grants should be spelled out plainly above, and then all of the legal technicalities can be listed below. Right now they just randomly throw it all in there together.

This is actually spot on. EULAs really need some kind of standardized, enforced format for ease of reading, and having some kind of summary of key points that can quickly be scanned through by most people who are, quite reasonably, not inclined to spend a lot of their time slogging through legalese every time they want to use some new software (and again whenever their existing software has its EULA changed).

As it is, EULAs and other similar types of agreements should really be unenforceable seeing as they're obviously and explicitly designed to *not* be read.
0

alidan , February 28, 2012 9:21 AM

the_krasnoOh come on! People who care about their privacy will have to lock themselves out of the internet at this rate!

or just not post to twitter, facebook, and run around in a car with a megaphone on top yelling about how bad it burns when peeing after hooking up with a 1 night stand.
-1

rich d , February 28, 2012 5:29 PM

Noticing the extent of permissions is what prompted me to delete the Facebook app from my Android phone a few months ago. The operating systems really should allow us to block certain permissions while allowing others.
0

john_4 , February 28, 2012 5:47 PM

Only stupid Tools use Facebook.
0

john_4 , February 28, 2012 5:48 PM

Crush3dCompanies want to see how far they can go before users have had enough and take a stand.Good thing the government is looking out for the people and protecting their privacy and best interest. Not.

The FEDS are in on it too, free spying on the enemy, the US citizens.
-1

john_4 , February 28, 2012 5:49 PM

Wow Tom's is up there with 12 hits with Ghostery on this page. FOX News wins with 17.
-1

gm0n3y , February 29, 2012 12:01 AM

It seems like every app I install asks for permissions to access all of my data. Even simple apps like a notepad or flashlight want to know who I'm calling, what I'm texting, what sites I'm visiting, etc.

It seems like if you can make a free app that is marginally useful, you can make a ton of money just making it run all the time in the background collecting personal data and selling it.

Display more comments

Facebook Accused of Reading Text Messages via App

Tom’s guide in the world