Facebook Android App Found Collecting Phone Numbers Without User Consent

17 Comments

Abbidos1

Not sure if it's just me but I keep getting more and more irritated with Facebook and what it has become. Moreover, the harvested data will be used to track a person and suffocate them with spam and advertisements.

someuid

This is a bigger problem than just the Facebook App. The problem rests with Android and its complete lack of security features for the end user.

The fact that there is an API call that software apps can use to query your phone number, and that you have no way to disable this on an un-rooted phone, means this is going to continue to happen until Google gets serious about letting users modify app permissions and shut down some API calls entirely.

It is the reason I haven't bought an Android tablet and I run nearly no apps on my Android phone - the security is a joke. The idea of an Android PC is just laughable.

Windows 8 is only slightly better in that an app will have to troll through your folders to find 'valuable' info. I've no idea how secure iOS or MacOSX are, but I would consider them a smidge more secure than Android, seeing as Apple's main source of income is hardware and software, where Google's main source of income is advertising which is driven by knowing who you are and stuff about you that interests advertisers.

If someone came out with a decent Linux tablet, I'd buy it in a heartbeat.

Eoraptor

Yes, because Apple is so much better... living in a land where they pretend viruses and malware don't even exist and the "official" app store has virtually no security software whatsoever.

It was a tightly controlled firewall app for Android that caught this behavior. If Playstore and the other Android markets followed the Apple example of believing in the security fairy, that firewalling program would never even have existed and Facebook would have gone on about its data thieving ways uncaught.

And incidentally Apple's main source of income is exactly the same as Google's. Only a small portion comes from hardware, the rest is all music, app, and advertising revenue from iTunes. http://appleinsider.com/articles/13/01/28/apple-now-collecting-twice-as-much-from-itunes-software-services-as-from-ipod-sales

But don't worry, Linux tablets are on the way, Firefox OS rolls out tomorrow, and Ubuntu Phone is already in testing on many devices.

Cregan89

See my comment below...

https://play.google.com/store/apps/details?id=com.facebook.katana

And click on "permissions". You have to give explicit permission to any app you install to access the various APIs.

In iOS you have no idea what APIs an app is accessing, you have to trust Apple to verify app security for you. In Linux, OSX, and Windows Desktop apps you have no idea either, unless you read through all of the application's source code (yeah right). You simply give the application full administrative rights or not.

Also, it's these APIs that allow for apps which replace built in system functions in Android (like replacement keyboards, SMS apps, phone calling apps, home screen launchers, etc.).

The only limitation in Android without rooting is disallowing access to specific APIs; it's an all or nothing choice by default. But this makes sense as default because disallowing access to specific APIs will often lead to unpredictable behaviour in an app and would frustrate the average user.

So as long as you can read, Android is very secure.

ApathyCurve

Mmm-hmmmm. All you people who called me a paranoid old so-and-so and a dinosaur for refusing to jump on the "social media" bandwagon... bite me.

elias21

FBI (FaceBook Investigation). I stopped using this app when they didn't like optimizing it well for Android.

Xenite

Uhmmm, "fix the issue"? It wasn't a bug; they intentionally allowed it to send those phone numbers.

dgrmouse

It's a fundamental flaw in the OS that permissions can't be manipulated in highly granular ways. This is true for Android, as it is true for Windows.

Cregan89

https://play.google.com/store/apps/details?id=com.facebook.katana

Click on "permissions", see "THIS APPLICATION HAS ACCESS TO THE FOLLOWING: READ PHONE STATUS AND IDENTITY ...This permission allows the app to determine the phone number and DeviceIDs...". Android asks the user to consent to any APIs that an app requests access to before installing. Android is the only OS I know of with this "highly granular permission" system. Windows included this exact same system in Windows 8 and Windows Phone, although not nearly as granular as Android's. No other OS I know of uses this type of system to any significant extent.

So in fact, the two OSes that you've listed as examples of containing this "fundamental flaw" are actually the only two OSes in existence which DON'T have this flaw.

fung0

In Windows you can run your own firewall. It's a fundamental flaw of mobile OSes that they remove those kinds of options from the average user.

dgrmouse

This is true, but so few of them properly insulate applications. It could be sooooo much better! Imagine all those applications that feel like they need to install a system service being /allowed/ to do so, but having the services only run within the applications' execution runtime. Or having all of the files associated with an application consolidated into one large and easily identifiable file on your disk. Windows should've been doing this since before 7 - certainly our machines have been capable of doing it with almost no performance hit thanks to virtualization support for several generations.

Eoraptor

And by "fix the issue" they mean make it more difficult to detect in the future. Shadow Profiles anyone?

PCWolf

I wonder how many other Android apps are stealing phone numbers & contact information for spamming & marketing. This is why I wish Android would allow users to revoke an app's permissions.

Peanut Fox

Revoking permissions is pretty easy to do once you've rooted the phone.

Eoraptor

Revoking permissions is a bit like going to the doctor after your fever hits 106. You may kill the virus, but the damage has already been done.

Or, for a less medical metaphor, it's like closing the barn door after the horse has got out. This app and apps like it send their info out on launch. So by the time you realize the app has done something you don't want it to do, it's a bit late to revoke or uninstall.

dgrmouse

Perhaps, but it's pretty ridiculous that one would have to go to such extremes just to get some basic application firewalling done. The situation is even worse on PCs, where the hardware has been in place for years to seamlessly run apps in a VM - instead, we get Metro.

Renegade Knight

The FB mobile app was already way too invasive for me to use it. I didn't need or want full FB integration with my Android.
