Yet Another Reason to NOT Trust “Trusted” Companies: Facebook Can Now Read Your Text Messages
Remember all those times when we here at the XDA Portal have told you that privacy is important? Despite many people thinking that we are all just a bunch of nerds wearing tinfoil hats, we do have our reasons to be somewhat paranoid. After all, we’re quite sure that you wouldn’t like the idea of having somebody snoop around your cell phone for all the naughty pictures and messages sent to and from your significant other. If you couldn’t care less about who reads the information on your device, then you might as well just go ahead and install Facebook. Yes, the Facebook app for Android. Yes, the free one from the Play Store. But, wait… Why would this app even be highlighted here? If this caught your attention, you will be glad to know that Facebook now has access to yet another part of your mobile life: your SMS and MMS messages.
Those of you in the US (and many abroad who are avidly for organically grown food) will likely remember an episode last year when the Monsanto Bill was passed along with a massive binder of bills and amendments by the US Government. The background of what the bill actually does is of no relevance, but rather how it actually become law. As it turns out, someone “slipped” the bill into the massive group of fixes and proposals and “no one” noticed. Why in the world am I bringing this up? Because Facebook decided that it would be a good idea to try and do the same thing with Android users.
According to an article that went up in reddit yesterday, a blogger found out that the Facebook Android app was about to automatically update itself, when he was prompted to accept some new permissions that had just been added to the app. The very first one: “Read your text messages (SMS or MMS).” It is no secret that Facebook makes a living out of collecting information and using it for targeted advertising. They already have access to all the garbage that we post on our walls, all the times we “check in” anywhere, all the pictures/videos that we upload, and let’s not forget our contacts and what we like and dislike. It is not like they don’t have access to pretty much every part of our lives, so why do they need more?
The comments in the reddit thread linked above seem to suggest that the permissions have been around since the end of December, so it is entirely possible that the upgrade came in the form of a staged rollout to prevent everyone from noticing this change at the same time and causing a fuss. As you would guess, they (Facebook) do have a somewhat of an official explanation for this permission, and that is to scan for SMS confirmation codes. The permission granted is far too broad to be granted to an app whose main function is to collect information about you. This is where selective permissions tools such as App Ops and Xprivacy come in handy. And based on some of the other permissions in the screenshot—well, lets just say that if you use any app on your device, Facebook will know about it. I mean, looking at those permissions, I have gotten rid of Trojans on my PC that used fewer permissions.
So, what options do you have as a user? For starters, if you truly do enjoy using the Facebook official app (not entirely sure why anyone would), you could either stay with it and live with the fact that Facebook will know everything about you or simply try to uninstall it and install a previous version that does not require these permissions. You could also try to block some of these permissions with various privacy suites. And last but not least, you could simply opt for a different Facebook client such as Fast. On the flip side, uninstalling Facebook might give you a nice boost in productivity, as well as battery life.
Being social on the web should not have to be something that we’re afraid of. But companies like Facebook are making it harder every single day, as we cannot even have privacy in the confines of our own virtual domain. Perhaps the best way to be social and share your experiences without being virtually cavity searched would be to host your own blog without a “Facebook” in the domain. Then again, you will still have the NSA to look out for, but that is a rant for another day. You can find the original blog in the following link.