Guess What? Facebook Logs Your Calls, Texts (Update)

Updated March 25 at 10:15 p.m. ET with further comment from Facebook. This story was originally published March 23, and was updated later that day, and twice on March 25.

Facebook's Android app can log calls and text messages, several Facebook users, including one staffer at Tom's Guide, have discovered.

Credit: Chonlachai/Shutterstock

(Image credit: Chonlachai/Shutterstock)

In the wake of the Cambridge Analytica scandal, many Facebook users have been downloading their Facebook posts. Some of them are finding call and text-message logs from 2015 through 2017, although not the actual content of the calls or texts.

It's not clear why no calls or text from 2018, or before 2015, show up on the list. It's also not clear why only some people seem to have their calls and texts logged. We've asked Facebook about this and will update this story when we receive a response. (Update: Some possible explanations are below.)

The issue was brought to light by Dylan McKay, a New Zealand software developer who tweeted Wednesday (March 21) that he'd downloaded his Facebook posts.

MORE: How to Stop Facebook From Sharing Your Data

"Somehow it has my entire call history with my partner's mum," McKay wrote, "a historical record of every single contact on my phone, including ones I no longer have, metadata about every text message I've ever received or sent and the metadata of every cellular call I've ever made, including time and duration."

McKay pointed out that he didn't use Facebook Messenger to handle his text messages.

One of our staffers calls our boss a lot. Credit: Tom's Guide

(Image credit: One of our staffers calls our boss a lot. Credit: Tom's Guide)

Sean Gallagher, the IT and national security editor at Ars Technica, replicated it himself, finding calls made when he was using a presumably super-secure Silent Circle Blackphone as his main phone.

Among three Tom's Guide staffers with the Facebook app installed on their phones, only one had call and text logs included in her Facebook data download.

However, all three users got lists of all their contacts from their Android phones. So did users of the iOS Facebook app who'd downloaded their Facebook files.

MORE: How to Delete Your Facebook Account

So far, we can't tell whether the call and text logging is enabled by default.

The technology-news website Boy Genius Report said that users had to opt into a feature called Sync Your Call and Text History in the App Settings section of the Android Facebook App. But we found no such option in two instances of the Facebook app, one freshly installed on a phone running Android 8.0 Oreo and another long installed on a phone running Android 7.1.1 Nougat.

If you are able to find the Sync Your Call and Text History setting on your Android Facebook app, we suggest you make sure it's turned off.

UPDATE Sunday March 25: Facebook responded to our initial query on March 23 with a statement that addressed the uploading of contacts from all Facebook apps, but skirted around the issue of uploading call and text logs to Facebook's servers.

The official Facebook statement we received said:

"The most important part of apps and services that help you make connections is to make it easy to find the people you want to connect with. So, the first time you sign in on your phone to a messaging or social app, it’s a widely used practice to begin by uploading your phone contacts.”

That part of the statement's undeniable. However, the statement goes on to deliberately confuse the issue of giving an app permission to read contacts, which is indeed routine, and the issue of giving an app permission to sync the phone's call and text history with the app's parent company's servers, a practice which is not routine.

"Contact uploading is optional. People are expressly asked if they want to give permission to upload their contacts from their phone -- it's explained right there in the apps when you get started."

It also does not explain why BGR, and a still-extant Facebook help page, explain how to enable or disable text and call logging using the option called Sync Your Call and Text History in the regular Facebook Android app. There does not appear to be such an option in Facebook Lite or Facebook Messenger.

Screenshot by Tom's Guide

Screenshot by Tom's Guide

After we asked for clarification, a Facebook representative told us that only the Facebook Lite and Messenger apps had ever uploaded logs of calls and texts. No one we encountered whose text and call logs had been uploaded could remember having given any Facebook app explicit permission to do so.

On Saturday (March 24), Sean Gallagher at Ars Technica posted a story in which he may have found why the call and text logs were uploaded without explicit user permission, and also why Facebook can still legitimately insist that users gave its app permission to do by simply enabling the syncing of contacts:

We asked Facebook to comment on Sean's findings. On Sunday, we received an email from a Facebook rep pointing us to a Facebook blog post that begins:

"You may have seen some recent reports that Facebook has been logging people's call and SMS (text) history without their permission. This is not the case."

The blog post reiterates that call and text logging is part of the contact-syncing permission on Facebook Lite and Messenger, and that it's there only to "help you find and stay connected with the people you care about, and provide you with a better experience across Facebook."

It's really not clear why Facebook would ever need a user's call and text logs; why the logs we've seen end right about when Google deprecated the old Android API; or why, if uploading call and text logs is so crucial to the "better experience across Facebook," this helpful feature isn't available to iOS users.

We've asked Facebook for further comment.

Best Identity Theft Protection Services

Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.