Tag Archives: SnapChat

Android Facebook Messenger App Permissions Privacy Scare Story Examined & Debunked

A story on Huffington Post from December 2013 has been shared over 200,000 times, 10,000 were in the last 24hrs – The Insidiousness of Facebook Messenger’s Mobile App Terms of Service, but is it as scary as is made out? Should we all dump the Messenger app ASAP to save our privacy and protect our mobile from Facebook‘s access to it?

It seems to have started via Paul Joseph Watson’s November 2013 Infowars piece.  The story opened with a black ops-style reference to the “terms of service that allow the social networking giant to use the microphone on their device to record audio at any time without their permission.” Whilst Watson admits that “most apps on Android and Apple devices include similar terms to those pictured above, this is easily the most privacy-busting set of mandates we’ve seen so far.” He goes on to alarm users and assert that they “are agreeing to let Facebook monitor them 24/7, green lighting the kind of open ended wiretap that would make even the NSA jealous.”

The same story, which is actually old news, is doing the rounds on Bubblews thanks to its sharing on BubblewsFacebook page, although the post has now been removed, barely minutes after several people started liking my comment in response to the scaremongering. I wrote responses both on Facebook (thread now deleted by Bubblews) and on a several Bubblews‘ posts (some comments of which were also deleted), correcting people’s fears. In the end I wrote an article linking to the original scare stories.

All this is a re-visiting of old stories because Facebook is now forcibly transitioning its users (well closing the messaging features of its full app) from in-app Facebook messaging to the external separate messaging app Messenger, over the last week.

Facebook Messenger can accessIn the Bubblews post – viewed over 500 times, We Are Borg, &skilledz, scares us with the news that the app requires “unrestricted access to your phone’s system” and “Can call phone numbers without the user’s consent and can send SMS messages. Audio recordings can be made anytime by using the phone’s microphone without requiring user consent.”

This is simply not true, these are pre-permissions necessary to enable the app to respond when the user consents to dialling or messaging out!

Take the microphone, for example, whilst “permissions sound scary, [they] are actually logical. Permission to access the phone’s microphone to record audio does makes sense: it records audio when you’re taking a video and also when you’re video conferencing.”

In part II of his post his kneejerk response is to “recommend[s] a factory reset”. NO! This is misinformation and can cause untold stress and anxiety, not to mention data loss. This is irresponsible scaremongering and the article should not be being promoted on Bubblews’ Facebook page without some caveats and more responsible reporting and technical advice.

I’ve been an IT professional for 20 years, run a software company for 15 years, and been a computer programmer for over 30 years – my first programming was at school in BASIC on a 32k BBC ‘B’ Micro, next was a Napoleonic wargames simulator written on an Amstrad CPC 464 with 64k RAM to a C60 audio/data cassette! I went on to study Fortran 77 at University and learned to program HTML, javascript etc and then employed programmers in PHP, MySQL, Java, Ajax, CSS etc. I’ve used mobile phones and handheld devices since 1991 and still have every one I’ve owned from early Nokias to Sony Ericssons, via Psions, PalmPilots and PDAs from Compaq and HP to each and every Samsung tablet and Note 3.

Enough of the technology CV, to prove I’m a verified geek, what annoys me about these scare stories is that it puts people off useful software, feeds paranoia and makes people not trust technological advancement. Yes, there may be some dodgy companies out there, who ‘may’ misuse your data, but a factory reset is not going to remove Google, one of the biggest data miners out there, whose misuse of collected data has been proven – remember the ‘accidental’ collection of wireless data whilst creating Google Streetview?

Rather than flee the Internet from fear, learn how to use it safely, and understand what app permissions actually do, rather than terrify people. One quick place to check on things is Snopes which checks out rumours, scams and urban legends for you. Just search it for “facebook messenger” and you’ll see 4 results, the most recent update of which was yesterday, 8 August.

Whilst Snopes gives Messenger and the scary reports a “Mixed” review, due in part to the facts of the permissions being true but the interpretation of them being false, it ends with a reader comment to Sam Fiorella’s HuffPost piece, comments on which are now closed:

“Oh for crying out loud…

[Facebook Messenger] needs permission to record audio & video so that you can send an audio or video message. It can’t do it without you asking it to.

It can make calls if you ask it to because it links your facebook and local contacts lists.

It absolutely CANNOT do these things without YOU initiating them! It needs the permission in advance so that when you ask it to do these things, they WORK.”

The HuffPost article comments report people uninstalling the app as a result, Facebook could sue for defamation! Fiorella finally replied, before the comments closed, saying:

“I would agree that it’s not Facebook Messenger’s intention to record audio or take a photo without being initiated (eg. taking/adding a pic to a text msg) but once you give permission for the app to do so automatically, what’s to stop a hacker or other app from doing so? We have too much blind faith…that’s the point I’m trying to make.”

More responsible reporting can be found at Android Central, which describes Fiorella’s original story as “spreading what we call Fear, Uncertainty and Doubt (FUD). They’re irresponsible, show a distinct lack of knowledge on the way Android permissions work, and frankly they do very little to educate. That’s not to say you shouldn’t look at an app’s permissions before installing it — you absolutely should.”

Facebook Messenger App PermissionsYou can check out the Messenger app permissions in the Google Play store or once installed via your phone’s SettingsGeneralApplications Manager select Messenger and then scroll down to see the permissions.

The majority of these are scarier than they look, but mostly exist to allow the app to send messages, make calls and add pictures, ‘selfies’, video, audio, media attachments.

Writing to and editing your SD card is for data cacheing, and “draw over other apps” allows the Chat heads to float in the foreground over other apps for incoming messages.

All permissions need to be accepted in order to install but some can be edited and turned on/off once installed via the app’s settings, such as turning Notifications or Chat heads off.

Google‘s Hangouts app, and SnapChat, also use similar permissions, indeed much of the “Big Brother” language of permissions, is decreed by Google‘s Android system itself, and not by Facebook. The wording and indeed the application of the permissions “doesn’t necessarily reflect the way the Messenger app and other apps use them”, says Facebook. Check out Facebook‘s explanation.

Some have suggested that the large memory consumption by the Facebook apps hides nefarious NSA-type secret monitoring and that like Norton, information could be passed to the FBI or MI5 without a court order. My Facebook app is currently using 195MB and the Messenger app only 45MB on my Android device – but that will vary with usage and cacheing, you’d have to delete all your data and logout then boot up the app but without logging in to run a full comparison. Skype is currently using 47MB, even more than Messenger. Twitter is using 152MB. There is nothing sinister with these memory usages, just bloatware and increased feature sets of evolving software.

On the Media‘s report describes the ‘news’ that Facebook wants to “listen to our phone calls” as “seemingly very Orwellian” but which is in fact a “good example of paranoia that misses the point.”

If anything, this false furore is a good example of poor communication – for a communication app, that is somewhat ironic! The poor messaging skills come from Facebook‘s media and PR department who are so mistrusted, especially after trying to cover up, I mean explain, their recent secret psychological experiment on hundreds of thousands of users.

Facebook is not good, at communication, by its own admission. Particularly, when it states that it takes “privacy and security at Facebook really seriously because that is something that allows people to share” opinions and emotions, said Sheryl Sandberg, the chief operating officer of Facebook, and chief executive Mark Zuckerberg’s deputy.

A recent Guardian poll suggested that 84% had lost trust in the social media network, with 66% considering closing their account as a result. Although in the 10 weeks since that poll, I’ve not seen more than 2 out of my 2000+ Facebook friends close their account, and at least one of which was for different reasons – transitioning to a professional page. So 0.1% at best have reacted by closing their accounts.

Facebook, is a net social benefit and/or necessary evil, depending upon your preference, just as I find having a phone useful, but sometimes invasive – I actually hate being called and prefer to use Messenger, or SMS if I have to, because I can control when to reply at my convenience, depending upon my time, health and mood.

Facebook is becoming as ingrained, prevalent and near universal, as phones and the Internet itself. Many people get their news directly from Facebook. For many it is their homepage upon opening their browser or booting to a Windows 8 tiled home-screen. It has become almost an operating system in itself where which one can search the web, read articles, watch videos, without leaving Facebook.

The best form of counter-attack to fear and ignorance is information, not alarmist misinformation or cyber-isolationism. Please think before spreading false or exaggerated stories, and check and re-check your facts, as well as your app permissions. Happy messaging!

[This article was first published on Bubblews]