The Internet is on fire with outrage right now about the security warnings in the Facebook Messenger app. The furor is based on the viral spread of a post on the Huffington Post back in December of last year. The issue has come to the fore because Facebook is taking the messaging capability out of the main Facebook app, so users will have to install the Messenger app if they want to continue to use the capability.
The particular problem is with the warnings presented to users when they install the app on Android. Many articles are describing this as the “terms of service” but the warning are the standard text displayed by Android based on the specific permissions the app is requesting.
Here are the warnings as listed in that original the Huffington Post article:
- Allows the app to change the state of network connectivity
- Allows the app to call phone numbers without your intervention. This may result in unexpected charges or calls. Malicious apps may cost you money by making calls without your confirmation.
- Allows the app to send SMS messages. This may result in unexpected charges. Malicious apps may cost you money by sending messages without your confirmation.
- Allows the app to record audio with microphone. This permission allows the app to record audio at any time without your confirmation.
- Allows the app to take pictures and videos with the camera. This permission allows the app to use the camera at any time without your confirmation.
- Allows the app to read you phone's call log, including data about incoming and outgoing calls. This permission allows apps to save your call log data, and malicious apps may share call log data without your knowledge.
- Allows the app to read data about your contacts stored on your phone, including the frequency with which you've called, emailed, or communicated in other ways with specific individuals.
- Allows the app to read personal profile information stored on your device, such as your name and contact information. This means the app can identify you and may send your profile information to others.
- Allows the app to access the phone features of the device. This permission allows the app to determine the phone number and device IDs, whether a call is active, and the remote number connected by a call.
- Allows the app to get a list of accounts known by the phone. This may include any accounts created by applications you have installed.
This strikes me as more an inditement of the over broad requests for permissions by apps in Android than any particular evil intent on Facebook’s part. Obviously many of these things would be very bad indeed, if Facebook actually did them. After significant searching I have not seen any suggestion at all that Facebook is or is likely to do any of these things without your knowledge.
Many articles are ranting about the possibility that Facebook might turn on your camera or microphone without warning and capture embarrassing sounds or images. Doing so would be disastrous for Facebook, so it seems very unlikely.
After reviewing the actual Facebook privacy policies and terms of service in the Messenger app, I don’t see any sign that these actions would be permitted but of course Facebook does have the right to change the policies, basically at will.
Don’t take from this that I am a Facebook apologist. Anyone looking back through this blog will see many cases where I have criticized them and their actions (here, here, here, here for example). There are major problems with the amount of data Facebook collects, how they collect it from almost everywhere on the Internet (not just their website or apps), and their privacy policies. I have turned off location tracking for the Messenger app on my iPhone because I don’t want Facebook tracking that.
However….. Facebook is not going to start turning on your camera at night to take naked pictures of you! There is a lot about privacy on the Internet to worry about, lets stay focused on the real stuff rather than these fantasies.