Android Apps targeting Android 6.0+ need to handle grant/revocation of permissions at runtime. Previous versions of Android would simply ask for the same permissions upfront when a user installed an app.
If I'm understanding the other comments in the thread then the behavior is based on how Android worked in that older version... e.g.
if (on) { /* execute code for said feature */ }
Which implies:
"
In the version of Android mentioned the on flag is on when you install. It was a feature of that version of Android to turn it on... how can FB know you didn't want it on?"
isn't this the expected behavior for apps that you give the sms / voice call / contacts permissions to? i would be surprised if any such app did not display my call/sms history and autocomplete contacts.
I think it would be expected for local access, on the device where the data was originally stored. It is wholly unacceptable for them to upload that data. If someone has my name and phone number and installs Facebook, they have just given Facebook all of my personal information.
Its not unexpected, but still alarming given the recent news on how and the extent to which third party apps are mining your data/sending targeted ads/manipulating people with data that's given for a benign purpose like inviting friends from your contacts (Trojan horse).
As I understand once some app gets your data, is USA there is a freedom to do whatever the company wants, and sell or share them with anyone including the governemnt.
At least Wikipedia says [1]:
> In general terms, in the U.S., whoever can be troubled to key in the data, is deemed to own the right to store and use it, even if the data was collected without permission, except to any extent regulated by laws and rules...
As the sibling's linked tweet says: go to Facebook, then settings (? top right of masthead for me) and then at the bottom in greyed out print is a link for "download". It then asks for confirmation and says it'll email you when your archive has been prepared for download.
Is this really surprising to anyone? I'm surprised that this information as available to download, but I'm guessing that's not because Facebook wants to provide it (there's probably laws in New Zealand which force this?).
They will have to provide it to you upon request. If they’ve got some self-service system then great, but if not they’ll legally have to do it manually.
I just used their self service system and they didn't provide any information about me that I didn't provide myself. For example, they didn't include my phone number, even though they surely have it since I a sure to have friends who has their mobile application installed.
My intention is to have a lawyer send them a letter asking for this information, but I'll wait until GDPR comes into effect first.
Android 6.0 was the first version to implement permission control. Looks like this guy was running 5.1, so we at least know how Facebook got access to that info.
If you scroll through the replies, he does admit to opting into a feature to integrate SMS and phone with Messenger [1].
No doubt there's a permissions/version and facebook-overstepping-ethics conversation to have here (as always), but this isn't as major as the title implies. It does seem like Facebook continuing using permissions after he opted-out.
I have never/ever installed Messenger on phone, yet all calls/texts are in FB. Either they are copying it from WhatsApp servers, or stealing using FB app, not sure.
After reading this, I tried to download my data from Facebook. However, avast antivirus on my machine detected a Trojan in the zip file from Facebook with my data and blocked the download with this message:
"We've safely aborted connection on bigzipfiles.facebook.com because it was infected with Java:Malware-gen[Trj]"
I find this very weird. Did anyone here faced the same issue ?
Unless Facebook is serving up malware in its zip files (possible, but unlikely IMO), you may have other malware on your machine that could be piggybacking off the connection to download more junk. I'd run a full scan with Malwarebytes to be sure.
40 comments
[ 3.5 ms ] story [ 96.8 ms ] threadBesides other people don't seem to be able to reproduce it.
if (on) { /* execute code for said feature */ }
Which implies: " In the version of Android mentioned the on flag is on when you install. It was a feature of that version of Android to turn it on... how can FB know you didn't want it on?"
What user wants that "feature" on? (or at least to send the data to Facebook for storage)
They were just "Accepted when installed" type permissions rather than "Hey, would you kindly grant me access to all of your data" type permissions.
At least Wikipedia says [1]:
> In general terms, in the U.S., whoever can be troubled to key in the data, is deemed to own the right to store and use it, even if the data was collected without permission, except to any extent regulated by laws and rules...
[1] https://en.wikipedia.org/wiki/Information_privacy_law#United...
Does it matter?
I'm curious how to get your shadow profile's data if you don't have an account.
My intention is to have a lawyer send them a letter asking for this information, but I'll wait until GDPR comes into effect first.
Doesn't justify it though.
https://developer.android.com/guide/topics/manifest/permissi... (see "introduced in")
Many apps request the phone permission to change their behavior on incoming calls, or during calls. For example, they would stop playing audio.
Access to text messages is sometimes requested to automate text message-based one time pad flows for the user.
That said it would certainly feel much more comfortable if you could delete it altogether.
No doubt there's a permissions/version and facebook-overstepping-ethics conversation to have here (as always), but this isn't as major as the title implies. It does seem like Facebook continuing using permissions after he opted-out.
[1] https://twitter.com/dylanmckaynz/status/976825435026735104
The SMS integration was disabled after a few weeks of usage, the app was too buggy.
I find this very weird. Did anyone here faced the same issue ?
I hope people start to understand how deep state systems facebook and google are..