
Facebook tracks all calls and messages on Android - m_ke
https://twitter.com/dylanmckaynz/status/976368845635035138
======
rorosaurus
If you scroll through the replies, he does admit to opting into a feature to
integrate SMS and phone with Messenger [1].

No doubt there's a permissions/version and facebook-overstepping-ethics
conversation to have here (as always), but this isn't as major as the title
implies. It does seem like Facebook continuing using permissions after he
opted-out.

[1]
[https://twitter.com/dylanmckaynz/status/976825435026735104](https://twitter.com/dylanmckaynz/status/976825435026735104)

~~~
dyl
For what it's worth, the cell metadata in the post is from over a year before
I even opted-into the SMS integration.

The SMS integration was disabled after a few weeks of usage, the app was too
buggy.

------
joethebro
Android 6.0 was the first version to implement permission control. Looks like
this guy was running 5.1, so we at least know how Facebook got access to that
info.

Doesn't justify it though.

~~~
andor
Android always had permissions:

[https://developer.android.com/guide/topics/manifest/permissi...](https://developer.android.com/guide/topics/manifest/permission-
element.html) (see "introduced in")

Many apps request the phone permission to change their behavior on incoming
calls, or during calls. For example, they would stop playing audio.

Access to text messages is sometimes requested to automate text message-based
one time pad flows for the user.

~~~
derimagia
By permission control they mean:
[https://developer.android.com/training/permissions/requestin...](https://developer.android.com/training/permissions/requesting.html)

------
leetcrew
isn't this the expected behavior for apps that you give the sms / voice call /
contacts permissions to? i would be surprised if any such app did not display
my call/sms history and autocomplete contacts.

~~~
f2n
I think it would be expected for _local_ access, on the device where the data
was originally stored. It is wholly unacceptable for them to upload that data.
If someone has my name and phone number and installs Facebook, they have just
given Facebook all of my personal information.

~~~
codedokode
That is how mobile messengers like Telegram work - when you install them, they
upload your contact list to their servers to "improve your experience".

------
chrisper
He is using Android 5.1... that was before the whole permission system no?

Besides other people don't seem to be able to reproduce it.

~~~
fractalwrench
Android Apps targeting Android 6.0+ need to handle grant/revocation of
permissions at runtime. Previous versions of Android would simply ask for the
same permissions upfront when a user installed an app.

~~~
slow_donkey
Yes but it's still possible to target a lower version of Android and request
all the permissions up front which must users would agree to

~~~
zamber
That's exactly what the Mi Home (for Xiaomi IoT stuff) app does. Pesky little
buggers.

------
rainhacker
After reading this, I tried to download my data from Facebook. However, avast
antivirus on my machine detected a Trojan in the zip file from Facebook with
my data and blocked the download with this message: "We've safely aborted
connection on bigzipfiles.facebook.com because it was infected with
Java:Malware-gen[Trj]"

I find this very weird. Did anyone here faced the same issue ?

~~~
freehunter
Unless Facebook is serving up malware in its zip files (possible, but unlikely
IMO), you may have other malware on your machine that could be piggybacking
off the connection to download more junk. I'd run a full scan with
Malwarebytes to be sure.

~~~
rainhacker
This was the case indeed. A full scan weeded out the existing trojans.

------
iooi
Is this really surprising to anyone? I'm surprised that this information as
available to download, but I'm guessing that's not because Facebook wants to
provide it (there's probably laws in New Zealand which force this?).

~~~
lokedhs
You probably have the GDPR to thank for this.

I'm curious how to get your shadow profile's data if you don't have an
account.

~~~
robin_reala
They will have to provide it to you upon request. If they’ve got some self-
service system then great, but if not they’ll legally have to do it manually.

~~~
lokedhs
I just used their self service system and they didn't provide any information
about me that I didn't provide myself. For example, they didn't include my
phone number, even though they surely have it since I a sure to have friends
who has their mobile application installed.

My intention is to have a lawyer send them a letter asking for this
information, but I'll wait until GDPR comes into effect first.

------
Teever
If I don't have a facebook account and the facebook app is installed on my
phone by cell provider but I've disabled it does it still do this?

~~~
lokedhs
If it's not disabled, then definitely it can do this. If it's disabled then it
should effectively be uninstalled so it should be fine.

That said it would certainly feel much more comfortable if you could delete it
altogether.

------
m_ke
It's interesting that this just dropped to the second page.

------
f2n
How do I request such a zip for myself?

~~~
m_ke
[https://mobile.twitter.com/shell_ki/status/97680538533092966...](https://mobile.twitter.com/shell_ki/status/976805385330929664)

~~~
thisacctforreal
Notably missing on mbasic.facebook.com

