The Guardian
Facebook
Facebook logged SMS texts and phone calls without explicitly notifying users
Users complain of phone and text data collected by the company despite never having agreed to practice
Alex Hern and agencies @alexhern
Thu 29 Mar 2018 15.36 BST
Last modified on Thu 29 Mar 2018 22.00 BST
Shares
906
facebook
Facebook issued a ‘Fact Check’, in which the company repeatedly noted ‘people have to expressly agree to use this feature’ and ‘uploading this information has always been opt-in only’. Photograph: Dominic Lipinski/PA
Facebook began logging the text messages and phone calls of its users before it explicitly notified them of its practice, contradicting the company’s earlier claims that “uploading this information has always been opt-in only”.
In at least one previous version of the Messenger app, Facebook only told users that the setting would enable them to “send and receive SMS in Messenger”, and presented the option to users without an obvious way to opt out: the prompt offered a big blue button reading “OK”, and a much smaller grey link to “settings”.
Nowhere in the opt-in dialogue was it made clear that text histories would be uploaded to Facebook’s servers and stored indefinitely.
Other users have similarly disputed ever seeing explicit notification from Facebook that their communication logs would be uploaded. Sean Gallagher, a writer for Ars Technica, had never installed Messenger, and maintains that “there was never an explicit message requesting access to phone call and SMS data” in any version of Facebook he installed, yet discovered that his call metadata had been uploaded.
Last week, some Facebook users who were prompted to download their data in advance of deleting their accounts were shocked to find that they contained detailed logs of all calls and SMS messages they had sent with their phones, even if they didn’t use Facebook applications to make or receive phone calls or texts.
In response, Facebook issued a “Fact Check”, in which the company repeatedly noted “people have to expressly agree to use this feature” and “uploading this information has always been opt-in only”. But the vast majority of the post is written in the present tense, and the example disclaimer Facebook posts – which does explicitly say the app will “continuously upload … your call and text history” – was only introduced in 2016, a year after the feature was initially introduced.
The “Fact Check” did not acknowledge that in the past, different notification screens have been used, including ones that did not warn users that call and text history would be uploaded.
Call and text history has only ever been uploaded from users of Android devices, since Apple’s iOS operating system does not allow app developers to see that sort of private information.
Every Android user who did see their communication collected by Facebook has still opted in at least once, however, since they need to give the application permission to access their information. But until very recently, Android’s permissions structure has been extremely vague for end users.
Until 2012, any Android application that could access contacts could also access phone and text logs, but the operating system did not explicitly notify users of that fact. That changed with that year’s “Jelly Bean” release, which updated the dialogue to make it clear that both communication history and contacts would be accessible – but didn’t let users only grant access to the latter. Rejecting the request meant the apps wouldn’t work.
It wasn’t until 2015 when Google released Android 6.0, dubbed “Marshmallow” that Android phones finally split up those permissions. That meant users could agree to share contacts, but reject access to their messaging and phone histories.
That’s the same year Facebook says its apps started collecting this information. But many Android users are not using the latest version of the software and often cannot get it even if they want it.
The Guardian asked Facebook whether it stands by its characterisation that the surveillance “has always been opt-in only”, but the company declined to comment, only referring back to the initial Fact Check.
Share your experiences using the encrypted form below. One of our journalists may contact you to discuss further.
Topics
Facebook
Social networking
Data protection
Telecoms
news
Share on LinkedIn
Share on Pinterest
Share on Google+
Most viewed
World
UK
Science
Cities
Global development
Football
Tech
Business
Environment
Obituaries
back to top
become a supporter
make a contribution
securedrop
help
advertise with us
work for us
contact us
complaints & corrections
terms & conditions
privacy policy
cookie policy
digital newspaper archive
all topics
all contributors
Facebook
Twitter
© 2018 Guardian News and Media Limited or its affiliated companies. All rights reserved.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment