Facebook Emails Suggest Android API Abuse To Collect Call, SMS Logs
Facebook may have successfully overthrown Google as one of the most reviled and distrusted tech companies today. Although it certainly had its fair share of controversy, it wasn't until the Cambridge Analytica fiasco this year that it became the target of intensified scrutiny and, of course, internal leaks. The latest comes from leaked emails published by a UK Parliament committee that reveals, among other things, discussion on what may be interpreted as misuse of Android's app permissions system.
The documents touch on a variety of topics but one that has seemingly ruffled a few feathers revolves around Facebook's access to call and SMS logs on Android phones. Specifically, an exchange implied that Facebook may have found a way to subtly ask users permissions to read, and therefore submit, such data without really asking their permission, or at least without popping up the usual Android permission dialog which, as the email suggested, would have been a "high-risk thing to do from a PR perspective".
This issue isn't new and has actually taken on different forms over the past months. The favorite theory is that Facebook misused a now unavailable feature on Android that would have let developers use a permission system that was in effect before Android 4.1 Jelly Bean. Back then, developers would be granted blanket permission to read call and SMS history along with the permission to read your phone's address book, something that the Facebook and Facebook Messenger apps do ask users permission to do.
Back then, Facebook denied such underhanded tactics and it does so even now. In both a press statement as well as a Facebook post from Mark Zuckerberg, the social media giant disputes any ill-intention and explains the decisions it made and the internal discussions that lead to those decisions. Additionally, Facebook calls out the source of the leak as not only self-serving but also vindictive. It says that Six4Three, creators of the controversial Pikini app, cherrypicked the documents to show only one side of the discussions and put Facebook in an unfavorable light. Six4Three has sued Facebook for closing off its access to user data, effectively forcing it to close its business.
Of course, it has become a "he said, she said" affair. Reporters and researchers have disputed Facebook's defense and pointed out contradictions in its excuses. Six4Three's case is still ongoing and whether or not it wins that, it may have successfully dealt Facebook yet another blow.