
Facebook for Android and Why Zuckerberg now owns your ass - intull
http://dannybrown.me/2014/04/04/facebook-for-android-and-why-zuckerberg-now-owns-your-ass
======
pilif
Android needs to fix the way the permission system works. As it stands now,
all permissions are asked upfront at installation time where the user has no
data available to make an informed decision.

Also, the fact that apps only auto-update when the permissions required don't
change produces all the incentive for app developers to just ask for
everything. After all, most conscious users will find something they object to
at install time anyways and thus might not install and most people don't read
the dialog anyways, so not much to lose.

But even when android changes to ask for permissions as they are required
(which could be done in a backwards compatible way by not throwing exceptions
but just pretending that whatever API call you just made has succeeded, but
then doing nothing or returning meaningless/no data), this still would not
help with a malicious app asking nicely with a legitimate reason ("let me
access your SMS to read the login token") and then using that permission for
illegitimate uses ("let me upload all your SMS to my server").

Even with all these permissions, it still boils down to trust and where on the
desktop world, this trust was rarely abused, in the mobile world between all
the built-in adware and social integrations, that trust is badly hurt.

~~~
whatts
Auto-updating without asking if the user is okay with the new permissions? How
should this work?

~~~
madeofpalk
Ask Apple. They seem to have solved this problem quite a while ago.

The iOS implementation allows rejection of individual permissions, doesn't
prevent install, and allows the developer the freedom to choose the best
possible time to ask. See
[https://medium.com/p/96fa4eb54f2c](https://medium.com/p/96fa4eb54f2c)

~~~
whatts
Well, you're right, but Apple's model is fundamentally different. I don't
think Android will switch to such a model in the (near) future. That would
mean a lot of things have to be changed, and hundreds of thousands of apps
would break. So we can safely assume Android will stay with its current
system. Thus there is only one possibility left: improve the current system.
Rejection of individual permissions would definitely be the most powerful
improvement, while still being easy to implement.

------
nostromo
> What honest and useful reason can Facebook have to get access to my texts?
> Seemingly they’re running with the “It will help us target better” message.

A Facebook engineer explained this permission on Reddit when the story first
broke. They are using SMS access to speed up two-factor authentication. (They
send an SMS to your phone, and then read it automatically.)

Full explanation here:
[http://www.reddit.com/r/WTF/comments/1t5z45/facebook_why_the...](http://www.reddit.com/r/WTF/comments/1t5z45/facebook_why_the_hell_do_you_think_its_okay_to/ce4y6x2)

Should this information comfort you? It depends on if you trust Facebook.

~~~
Stealth-
A LOT of apps are starting to do this. I believe Snapchat initially was the
company that began doing it. When a site like Facebook uses your number to
identify you, this feature actually makes sense.

I wonder if more fine-grained permissions would make more sense for this sort
of feature. Perhaps it would be better if Android had support for "This app
may read text messages from 1-800-XXX-XXXX" or something similar instead.

~~~
regecks
I use XPrivacy
([https://play.google.com/store/apps/details?id=biz.bokhorst.x...](https://play.google.com/store/apps/details?id=biz.bokhorst.xprivacy.installer)).

With it, I have extremely fine-grained access control to a wide variety of
"system calls", including access to contacts, text messages and to the device
phone number.

In this case, I can permit access temporarily during the 2FA, and then return
garbage values the rest of the time. Easy. (Though obviously if they harvest
my text messages for other purposes during 2FA, that is a problem - but one
that can be technically solved within XPrivacy imo.)

In other cases, such as running Skype, I deny access to everything always
(phone number, my location, contacts, Google accounts are the things Skype
makes system calls for) and Skype continues to work fine, so I think this is a
viable strategy.
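
The ideas raised in pilif's, Stealth-'s and regecks' comments above (denied reads that succeed with no data, an SMS permission scoped to one sender, and a grant that lapses after the 2FA window) can be sketched as a toy permission broker. This is an added example, not part of the thread and not Android or XPrivacy code; `SmsBroker`, the `Mode` values, the app name and the phone numbers are all hypothetical.

```python
import re
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Mode(Enum):
    ALLOW = "allow"                  # whole inbox, like a blanket READ_SMS grant
    SENDER_SCOPED = "sender_scoped"  # only messages from listed senders
    DENY_EMPTY = "deny_empty"        # call succeeds but returns no data


@dataclass(frozen=True)
class Sms:
    sender: str
    body: str


@dataclass(frozen=True)
class Grant:
    mode: Mode
    senders: frozenset = frozenset()
    expires_at: Optional[int] = None  # epoch seconds; None means no expiry


class SmsBroker:
    def __init__(self, inbox):
        self._inbox = list(inbox)
        self._grants = {}
        self.audit = []  # (time, app, effective mode, messages returned)

    def grant(self, app, grant):
        self._grants[app] = grant

    def query(self, app, now):
        """Return the messages `app` may see; denial yields [] and no exception."""
        g = self._grants.get(app)
        expired = g is not None and g.expires_at is not None and now >= g.expires_at
        mode = Mode.DENY_EMPTY if g is None or expired else g.mode
        if mode is Mode.ALLOW:
            visible = list(self._inbox)
        elif mode is Mode.SENDER_SCOPED:
            visible = [m for m in self._inbox if m.sender in g.senders]
        else:
            visible = []
        self.audit.append((now, app, mode.value, len(visible)))
        return visible


def extract_code(messages):
    """What a 2FA auto-reader needs: the first 6-digit code, or None."""
    for m in messages:
        hit = re.search(r"\b(\d{6})\b", m.body)
        if hit:
            return hit.group(1)
    return None


# Constructed sample inbox; numbers and message bodies are made up.
VERIFY_SENDER = "+15550100"
INBOX = [
    Sms("+15550123", "Your account balance is 1,204.17"),
    Sms(VERIFY_SENDER, "Your confirmation code is 481516"),
    Sms("+15550199", "running late, see you at 8"),
]


def demo():
    broker = SmsBroker(INBOX)
    # Scoped to one sender and valid until t=1000 (the 2FA window).
    broker.grant("social.app",
                 Grant(Mode.SENDER_SCOPED, frozenset({VERIFY_SENDER}), expires_at=1000))
    during = broker.query("social.app", now=900)
    after = broker.query("social.app", now=1000)
    return extract_code(during), len(during), after, broker.audit


if __name__ == "__main__":
    print(demo())
```

The audit list records the effective mode for every read, which is the kind of evidence App Ops style tools surface when users ask whether a granted permission was actually used.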

~~~
sizzle
Since first being introduced to XPrivacy, I absolutely can not use an android
phone without it. It really opened my eyes to how invasive some apps are when
running in the background or just inappropriately accessing info in general
(especially location information!)

------
batiudrami
I mean, the permissions do have reasonable explanations - using your contact
list to 'find friends' - for instance, or writing to your call log because
they're integrating VoIP calling (I assume). The wording is just a generic
Android permission explanation and comes with any app which requests that
permission. If you really can't cope with it, there are apps like Tinfoil
which allow you to still use facebook without that added functionality and
permission requirement.

A good improvement for Android would be the ability to only request permission
when it's required for some key permissions (the way iOS does with contacts (I
think)). Enable SMS integration in messages? Android pops up a thing saying
'Facebook wants to be able to read your SMS and MMS messages. Cool?'. UAC for
Android.

~~~
Inversechi
You can block such permissions in CyanogenMod based roms via their 'Privacy
Guard' feature. And I am sure there are other solutions but most likely would
require a rooted device.

I think such functionality as you described should be included into Android as
standard allowing the user to grant permissions to confidential information.

~~~
blueskin_
Privacy Guard is too limited. It's better than nothing, but doesn't block
enough intrusive requests. Try XPrivacy instead.

------
jrockway
This article is an excellent case study of what happens when engineers
communicate through lawyers and a coarse-grained permissions system.

The engineer at Facebook wants to be able to send the phone a message so as to
authenticate the validity of a phone number. She writes an Android app to do
this. To get the text messages, she has to request the READ_SMS permission, so
she does.

Meanwhile, the lawyers at Facebook are paid to protect the company from
unnecessary liability. They decide to write a ToS that says they can do
anything; that way, if they do something you don't like, you can't sue them,
thus protecting the company from liability.

Later, some other engineer comes along and puts these two pieces of
information together. READ_SMS!? They can do anything they want!? They _must_
be up to something shady!

Turns out: nope! Just a miscommunication.

The real innovation in our field that I hope to see in the next few years is
the right balance among the following concerns:

* Ease of use, even among non-technical users.

* Security from malicious applications / extensions / apps / etc.

* The service provider's desire to not be sued.

* The user's desire to not have his privacy violated.

If you give everything fine-grained permissions, you'll have to be a software
engineer to understand how to use the application. If you don't have any
permissions, every Flappy Bird clone will subscribe you to paid SMS services.
If the service provider claims to be liable for privacy breaches that they
didn't intend, then they'll have to prove, in court, at great cost, that
they're not to blame, every time any of their billion users complains. If the
service provider claims to be able to do anything, the user will assume that
they're reading all of his email to pick stocks and get some good info for
stealing his girlfriend.

So it's clear that the extremes don't work. What we need to find is what does
work. This write-up shows how one non-extreme balance doesn't work. Let's find
another one and try again!

~~~
enscr
> If you give everything fine-grained permissions, you'll have to be a
> software engineer to understand how to use the application

No, that fine grained permission can be intelligent & automated to protect the
non-tech user. That's where Android needs to innovate. Going forward with
giving blanket permissions to anything being the only way to install an app is
a bad idea, even if it's a reputed company like Facebook. I don't want 10
different apps accessing my SMS just to enable easy 2FA. I also don't trust
many reputed companies into doing what's best for my privacy & security.

------
clef
He doesn't own my ass, I don't have a Facebook/Instagram/whatsapp/(whatever
Facebook owns or will own) account and never will. I'll never need to, just as
people never needed to 10 years ago, Nor will I ever have any oculus rift
thingy on my head. So there, he doesn't own my ass! And when Facebook starts
buying people's asses for 10 billion bucks, I still won't sell mine :)

Edit: and if one day Facebook owns the internet, then I'll buy a farm, grow
veggies and get off the "grid". I'll become a "nature growth hacker" (
remember you saw it here first!).

~~~
digitalengineer
Ever heard of Dark Profiles? Sorry to say this but Facebook does own your ass.
[http://tech.firstpost.com/news-analysis/facebook-developed-s...](http://tech.firstpost.com/news-analysis/facebook-developed-stalker-dark-profiles-says-ex-employee-in-new-book-29560.html)

~~~
enscr
No, creating dark profiles does not mean it'll suck data out of your device.
It just means it'll gather existing data from web/pics etc.

~~~
digitalengineer
And from your friends address book, SMS/chat/whatsapp...

------
jdp23
Indeed. Facebook has a repeated pattern of going too far infringing people's
privacy and then apologizing [1], so why would anybody trust them not to abuse
the permissions once they've been granted?

I just got a new Android phone and it was an easy decision not to install the
Facebook app.

[1] [http://allthingsd.com/20111129/the-apologies-of-zuckerberg-a...](http://allthingsd.com/20111129/the-apologies-of-zuckerberg-a-retrospective/)

~~~
enscr
Their classic 'break things fast' mode. Keep infringing on user's privacy
until they shout.

------
staticelf
There is a very simple solution: Don't use facebook. It sucks anyway. There is
absolutely no need for you to own an account.

// Normal 20-something year old

~~~
ojii
For me, Facebook doesn't "suck". It helps me stay in touch with friends on
other continents in a more user-friendly and convenient way than email/phone
calls/letters. It makes it easier to organize events/get togethers with
friends nearby because it allows n-to-n communication unlike SMS/phone calls
and virtually everyone has it. I pay a price with my privacy but so far I'm
fine with the tradeoff.

~~~
72deluxe
_I pay a price with my privacy but so far I'm fine with the tradeoff_

Some people aren't alright with the tradeoff. I manage to stay in touch with
family and friends without using it, but they happen to use it extensively. I
suppose the "it sucks" opinion is just as polarising as the "I have no privacy
but it's fine". Looks like the argument will never be settled!

I can imagine attempting to send letters to friends in other continents would
be slow, but a nice touch if you received a letter.

~~~
ojii
Absolutely agree with you. It is most certainly possible to not use Facebook
(and I commend you on doing so successfully). But stating "Facebook sucks" as
fact, as opposed to opinion, is just wrong in my opinion (and it looks like
you would agree).

And yes, sending letters is fun. Guess I'm just too lazy/used to the
convenience of the internet.

------
shinratdr
This is a great reason why the iOS permissions model is miles better. It's not
perfect, but it's a far more logical and friendly approach than the all-or-
nothing approach that Android uses.

I hate the Android model. On my Android devices, I've declined many installs
that I have happily made on my iOS devices because of overzealous permission
requests made by the Android version. Being able to grant those permissions as
needed and revoke them without removing the app entirely is awesome and why
Google has avoided implementing it in Android to date is beyond me.

~~~
bigbugbag
Say what? Holy war between iOS vs Android? Irrelevant!

Smartphones are a huge privacy liability whether apple, google or other.
facebook is another mega huge privacy liability.

Why google avoided implementing sane privacy control in android is obviously
because google is even more of a über huge liability privacy.

Google basically has a head start of a decade and a reach not even facebook or
apple can dream of.

Apple makes money by selling overpriced hardware, google makes money by
collecting data about you and selling ads, facebook is a website where people
give away their privacy who's happy to exist on devices built by apple and
google and has no proven business model (robbing advertisers of money only
works for so long says history).

------
jhgg
If I recall correctly, the SMS permission is so that the app can read the code
that facebook sends to your phone to confirm that you own the number that
you're trying to link to your facebook account. Another app that I know of
that does this is TextSecure, to register your number with their servers, but
then again that's a text messaging app, so I'd expect it to be reading my text
messages.

------
zhte415
I feel it is worth mentioning that if any app scrapes SMS messages they could
also scrape messages sent that don't just contain personal information, but
which also contain personal financial information (i.e. bank statements or
transaction notifications). Many jurisdictions have harsh punishments for
accessing / storing financial information (with requirements on where the
information is stored, for how long, regulatory approvals, etc) far in excess
of punishments for violating 'normal' personal information privacy laws.

I'm sure Facebook are aware of this. All app developers should be too.

------
STRiDEX
Here's Facebook's response as to why the android app requires what it does.
[https://www.facebook.com/help/210676372433246](https://www.facebook.com/help/210676372433246)

I think this article is sensationalist garbage with no proof of facebook
mistreating user data.

~~~
enscr
Proof? What do you want them to say. Right in bold red that we WILL read all
your SMS & sell that data to advertisers.

While I agree that the article is sensationalizing, but if history is any
indication, Facebook can & will use all this data against your wishes.

~~~
declan
>Facebook can & will use all this data against your wishes

Facebook is limited to what its privacy policy and TOU allow. If Facebook goes
beyond that, the FTC, state attorneys general, and a bevy of bottom-feeding
class action lawyers will sue (and win).

Anyone who doesn't understand this -- this is directed at the author of the
blog post that started this thread, not the parent post -- has no business
writing about privacy.

~~~
enscr
> Facebook is limited to what its privacy policy and TOU allow

That's a utopian interpretation of how corporations work. Most of them have a
motto : "It's easier to ask forgiveness than it is to get permission"

Proof : A lot of genuine lawsuits...

~~~
declan
>Proof : A lot of genuine lawsuits...

Not quite. The "genuine lawsuits" you mention are proof only that (a) bottom-
feeding lawyers file meritless lawsuits in hopes of a fat $$$ settlement, or
(b) that sometimes even well-intentioned companies make mistakes and do things
beyond what their privacy policy and TOU permit.

------
ISL
FB's mobile web interface has worked fine for me. No app, nor permission-
granting, required.

~~~
petepete
And if you want to sync contacts, you can always use HaxSync.

[https://play.google.com/store/apps/details?id=org.mots.haxsy...](https://play.google.com/store/apps/details?id=org.mots.haxsync)

~~~
blueskin_
Or back them up normally with Titanium Backup. If you have Google Contacts
Sync installed, you'll need to freeze or uninstall it first to make local
contacts though.

------
not_paul_graham
Does FB require similar permissions on iOS?

Also, the permissions they ask for seem like FB is angling to figure out a way
to play a bigger role in your life and not just restricted to advertising such
as sending out a text or placing calls to most frequently dialed numbers when
they figure out that you've been in an accident.

But it seems more likely that the US govt. would do any of the following if they
make new laws that are an iterated version of the FISA, etc. laws that give
them unrestricted access without any need for disclosure:

> Someone is lost, kidnapped, in an accident, law enforcement can figure out
> ways to subpoena this information.

> Send fake texts or calls on your behalf and then use that as grounds to
> detain / question / imprison you.

> Data mine text information to figure out if a revolution is happening in a
> dissident country and perpetuate this by sending texts to a wider network
> (similar to starting a local twitter clone in Cuba). If this is a friendly
> country, you can warn your allies and have these people held as political
> prisoners in countries such as Saudi Arabia, etc.

> Lots of other scary scenarios.

~~~
jhgg
Permissions on iOS are usually asked as the app needs them, whereas on
Android, all permissions needed by the app have to be granted before the app
is installed/updated.

------
blueskin_
This is exactly why I would never install facebook's app (or any other such
bloatware crap that does nothing the website can't). Access SMS, camera and
location? Fuck no. Android also deserves part of the blame though for not
having a way to allow/deny permissions and prevent apps from running as
background service when they don't need to.

------
NateG
I often go to install an app but then abort when it asks for what I consider
to be overreaching permissions for what the app is. I'm sure the majority of
the apps need the permissions for a valid reason that isn't nefarious,
however, the end result should be the user's decision. This all or nothing
approach is maddening and ridiculous. Simply allow the end user to selectively
accept and deny permissions and require app developers to handle the cases
when the permission they are asking for are denied. I would feel much better
and buy/install a lot more apps.

------
dsirijus
One could say that required permissions there are just for reading the SMS
confirmation codes and easing that friction, in which situation they're
actually enabler of better security of your account.

~~~
malka
Another one could say that it ultimately boils down to your trust in Facebook.
Do you trust Facebook enough to give them full access to your SMS? I don't.

------
sspiff
It's important to note that this is not just a Facebook problem - though
Facebook may have the largest install base of affected applications.

Many applications on Google Play ask for excessive rights - I always presumed
this was being pushed by mobile advertising services.

I think it's an important issue for Android, as most users are unaware of or
careless with these things, and it's just one high profile (perceived) abuse
example away from seriously damaging Android's reputation as a platform.

------
bdan
Anybody using Tinfoil for Facebook, a wrapper over the mobile FB website? It
allows greater privacy and you never have to worry about your SMS or pictures.

------
nikolak
> _But check out the exact wording of the SMS/MMS Permission, and that of the
> Contacts one._

It's impossible to word it in any different way, no matter what you want to do
with messages - even if your code is written to read message from one specific
number and not even do anything with it the permission text will stay the
same. This is text that was set by google.

> _What honest and useful reason can Facebook have to get access to my texts?_

If the author googled it he would have noticed the official Facebook page
that explains the permission used. It's used _only_ to confirm your phone
number - if you want to.

> _Yet as I say time and time again, this has to be opt-in_

Android permissions don't allow opt-in, or opt-out for that matter.

> _All it wants are numbers, pure and simple, and the data that comes with
> these numbers to sell to the highest bidder._

Use something equivalent of privacy settings in CM, I think they're using the
AppsOps (sp?) and you'll see that none of the data was even accessed let alone
sold to highest bidder.

_____

This article is unresearched, paranoid, bullshit.

------
sandwell
I'd like to see optional permissions. I'd like to be able to deny facebook the
ability to read my SMS. I would happily do 2-step authentication manually if
it meant that they couldn't read my texts. I don't have a lot of experience
developing with android but this seems like a smaller change than other
suggestions, like granular permissions.

------
esalman
I have App Ops on my phone and Facebook app installed for a while. It says
Facebook app read contacts recently. But it 'never used' other sensitive
permissions, like read messages, call log etc. I agree that Facebook app
probably should inform us why it actually needs these permissions.

------
plicense
I don't use facebook :D

------
whatts
Android just needs App Ops back -- all privacy issues solved. But it seems
this won't happen. Pressure from Facebook etc.?

------
lugg
In 20 years are our children's children going to ask us old people what
privacy was when they see it in a book somewhere?

Sometimes I wonder what we're leaving the next generation. I'd love to change
it if anyone has some realistic ideas.

------
adamnemecek
If only there was an easy way not to have a Facebook account. Oh wait.

EDIT: Why exactly am I getting downvoted?

~~~
Zarel
> _Why exactly am I getting downvoted?_

Well, you're probably irritating people who like Facebook by implying that
Facebook's actions are so bad that not having a Facebook account is a good
idea. And you're probably irritating people who dislike Facebook by implying
that their actions are justified because it's possible to opt out by not
having a Facebook account.

In all seriousness, here at HN we're generally looking for posts that
contribute to the discussion. Your post simply bashes Facebook and/or Facebook
users without saying anything that isn't trite and hateful.

~~~
72deluxe
He said that you don't have to have a Facebook account.

I wouldn't call that hateful. That's just a fact. And it would solve the
problem.

