On reports that Facebook collects text messages and call logs on Android devices


By Christopher

It has come to light that the Facebook app and the Facebook Messenger app for Android were accessing data that users had not originally granted permission for. One user discovered that the data Facebook stores about him included past call records that Facebook should have had no way of knowing.

Facebook scraped call, text message data for years from Android phones | Ars Technica
https://arstechnica.com/information-technology/2018/03/facebook-scraped-call-text-message-data-for-years-from-android-phones/

Facebook has been collecting call history and SMS data from Android devices - The Verge
https://www.theverge.com/2018/3/25/17160944/facebook-call-history-sms-data-collection-android

The Facebook platform lets users download, in one batch, the data Facebook holds about them and view its contents. Dylan McKay, who lives in New Zealand, downloaded his data and says it contained phone call records that he had not intended to grant access to. Mr. McKay tweeted a screenshot of the records along with the comment "Facebook seems to get all the call history with my partner's mother in some way."


The screen shows the call type (outgoing / incoming / missed), the call start time, the call duration, the name of the other party, and so on.


Mr. McKay also tweeted that the history of text messages exchanged on the device had been retained. This, too, was apparently something he had no memory of granting the Facebook app permission for.


When smartphone apps access data such as personal contacts and call logs, they normally ask the user for permission in advance. On older versions of Android, however, it appears that the permission structure allowed the Facebook app to access data that the user should not have been treated as granting. The "Messenger" app, also provided by Facebook, is believed to be involved in the background.

In response to an inquiry from Ars Technica, a Facebook spokeswoman said, "The most important point of apps and services is to make it easy to find the people you want to connect with, so uploading the contact information on the device when signing in to the Facebook app, the Messenger app, etc. for the first time from that device is a widely used practice."


The spokesperson also emphasized that uploading contact information is not mandatory and that users are asked for permission when the data is actually accessed. The spokesperson further explained that uploaded data can be deleted from the settings page of the web browser version of Facebook.

According to Ars Technica, Facebook runs an algorithm that, based on the contact information on the device, asks "acquaintance?" and notifies the user of the presence of acquaintances. Relatively recent versions of the Android Messenger app and the Facebook Lite app confirm permission more strictly when the app accesses the user's contacts, call log, and SMS data. For the past several years, however, because of the Android OS's permission specification, the permission categories remained relatively loose, and requests for access to data that should have required its own permission went through.


On versions before Android 4.1 Jelly Bean, if the user granted access to contact information when installing the Facebook app on an Android device, that grant reportedly also covered access to the call log and message log. From version 16 of the Android API onward, the permission structure was revised so that each required its own permission, but even then it was reportedly possible to get around the restriction by deliberately writing the program against the old API. In 2017, when Facebook's acquisition of call record data became an issue, Google announced a policy decision on the use of the old API. Apple's iOS is not structured in a way that allows such unintended permission grants.
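The API-level behaviour described above can be checked from an app's manifest. The following is an added example, not code from the article or from Facebook: it assumes a decoded, text-form AndroidManifest.xml and uses the contacts-to-call-log implicit grant for apps targeting API 15 or lower as stated in Android's permission documentation; the sample manifests and the package name are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
CALL_LOG_SPLIT_API = 16  # Android 4.1 (Jelly Bean): call log got its own permissions

# Assumption taken from Android's permission documentation, not from the article:
# apps targeting API 15 or lower that hold a contacts permission are implicitly
# given the matching call-log permission.
IMPLIED = {
    "android.permission.READ_CONTACTS": "android.permission.READ_CALL_LOG",
    "android.permission.WRITE_CONTACTS": "android.permission.WRITE_CALL_LOG",
}

def audit_manifest(manifest_xml):
    """Return (target_sdk, declared, implicit) for a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    declared = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    declared.discard(None)
    sdk = root.find("uses-sdk")
    # targetSdkVersion defaults to minSdkVersion, which itself defaults to 1.
    min_sdk = sdk.get(ANDROID + "minSdkVersion", "1") if sdk is not None else "1"
    target = int(sdk.get(ANDROID + "targetSdkVersion", min_sdk)) if sdk is not None else 1
    implicit = set()
    if target < CALL_LOG_SPLIT_API:
        # Permissions the user never saw listed but the app receives anyway.
        implicit = {IMPLIED[p] for p in declared if p in IMPLIED} - declared
    return target, declared, implicit

def _manifest(target_sdk, permissions):  # builds constructed sample input
    perms = "".join('<uses-permission android:name="%s"/>' % p for p in permissions)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            'package="com.example.sample"><uses-sdk android:minSdkVersion="9" '
            'android:targetSdkVersion="%d"/>%s</manifest>' % (target_sdk, perms))

# Constructed samples: same declared permission, different target API level.
LEGACY_APP = _manifest(15, ["android.permission.READ_CONTACTS"])
MODERN_APP = _manifest(16, ["android.permission.READ_CONTACTS"])

if __name__ == "__main__":
    for label, xml in (("legacy", LEGACY_APP), ("modern", MODERN_APP)):
        target, declared, implicit = audit_manifest(xml)
        print(label, "targetSdk", target, "implicit:", sorted(implicit) or "none")
```
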

Facebook provides a mechanism for erasing users' contact information and similar data stored on the platform. However, when Ars Technica reporter Sean Gallagher actually deleted his contact information from Facebook and downloaded the archive data again the following day, the data that should have been erased was reportedly still there.

The data stored on Facebook can be obtained by accessing Facebook from a web browser and clicking the link at the bottom of the "Settings" screen.

in Software, Web Service, Security, Posted by darkhorse_log