A little while back, I wrote about my concerns with the Facebook Messenger app, and the Permissions it needed demanded to function. It was these Permissions that saw me uninstall Messenger and ultimately close down my Facebook profile.

I’ve since activated a very stripped down Facebook profile, where I share a lot less than before and have it locked down to a very small number of family and friends – a very different experience from my “pretty much share everything” use on the deleted account.

Since I commute a lot, I installed the full Facebook for Android app. Usually, I have my apps to manually update, but because I had been testing the beta version of the new Android app before switching back to the “official” one, I’d neglected to change my app update settings.

This let Facebook download the latest update yesterday. And, originally, I was impressed – the new UI was slick and the experience far superior. So impressed, I shared a couple of screen grabs of the new interface.

Facebook for Android profile Facebook for Android newsfeed

As you can see, it’s a clean, easy-to-navigate experience. Finally, Android users had the app they deserved, right? Not quite.

The Devil Gives Better Choices than Facebook

You’ve probably heard the term “making a pact with the Devil”. Essentially, it allows you to have anything you want, in exchange for your soul being the property of the Devil when you die.

Facebook’s new Permissions kinda reminded me of this, given that they’re forcing you to give up any semblance of privacy you may have thought you still had left.

When I shared the pictures on Google+, Al Spaulding made me immediately regret the fact I was on auto-update. From his comment on the post:

It looks great. However I refuse to download it and am still using the older version from 2 mth ago. Why? Because the new one says pretty clearly that they can access your phone for anything. They can read your texts – take them off your phone and upload them to their server, place phone calls on your behalf, and even disclose your location without you wanting them to.

While I’m used to Facebook’s Draconian privacy settings, the part about accessing my SMS and MMS messages caught my attention. I don’t recall this being as explicit before (although it may have been), so I uninstalled the app and set about re-installing to check the Permissions out fully.

The results were a mix of scary and extreme.

Facebook SMS

Facebook contactsFacebook calendar Facebook call numbersThe Calendar I’d seen on previous Permissions, and the Calls (while annoying) I’m pretty sure had been there too. But check out the exact wording of the SMS/MMS Permission, and that of the Contacts one.

Doesn’t that alarm you as a user? Read that wording again, especially this statement:

This allows the app to read all SMS messages, regardless of content or confidentiality.

Wow. Just… wow. Not even my wife gets access to my SMS messages (and no, Jacki, I have nothing to hide!). What honest and useful reason can Facebook have to get access to my texts? Seemingly they’re running with the “It will help us target better” message.

I call bullshit.

Target Publicly and Respect Privacy

I’m a marketer. I get that data helps us target campaigns better, and (in an ideal world) meet the needs of our customers and audience by that very targeting. Yet as I say time and time again, this has to be opt-in, and publicly available data.

The moment you track data beyond public access, you’re moving into both immoral and – you’d like to believe – questionably legal areas.

Facebook requiring access to my SMS messages, as well as the friends I speak with privately on the phone, sets off major alarm bells, and this from someone that benefits from the amount of data publicly available.

I’m not naive enough to think anything we put on the web is private. And, since the NSA-Snowden affair, I’m even less naive to think that we don’t face the prospect of being snooped on by our respective security forces.

But it could be argued it’s in the interests of public safety for this level of monitoring (though some of the arguments are very tenuous). Facebook doesn’t protect us, nor does it seem to have our interests at heart. All it wants are numbers, pure and simple, and the data that comes with these numbers to sell to the highest bidder.

These Permissions for their Android app merely confirm that, and is why my use of Facebook will now be restricted to the web version.

Your privacy, and how you place it in the Facebook ecosystem, is something Facebook is counting on you to ignore. The choice is yours.

Sign up for free weekly content

Subscribe to my newsletter and get a weekly email with the latest blog post, recommended reading, quick tips and more. I respect your privacy and will never spam you.

(Be sure to check your Inbox to confirm subscription - thanks!)

Enjoy this post? Share your thoughts below:

324 Comments on "Facebook for Android and Why Zuckerberg Now Owns Your Ass"

4 months 4 days ago

if you have nothing to hide, why wouldn’t you allow your wife to read your text messages?

4 months 3 days ago

It’s an example used to compare with Facebook. The point being, I trust Jacki with my texts, but she’s never asked to read them, and this is my wife. So why on earth would I let a faceless entity, that’s shown numerous times before it can’t be trusted with your privacy, access? No thanks.

11 days 10 hours ago

Agreed! Knowledge is power… To add to the old axiom. Absolute power corrupts, absolutely! And absolute knowledge is absolute power!
If you had billions of dollars at your disposal, and you had absolute knowledge and absolute power could you really stop yourself from wanting to be king… and then making that happen? Think about it!

How does Facebook Became Scambook
4 months 26 days ago

[…]  Facebook for Android and Why Zuckerberg Now Owns Your Ass […]

How does Facebook turned it into Scambook.
8 months 9 days ago

[…]  Facebook for Android and Why Zuckerberg Now Owns Your Ass […]

9 months 1 day ago

Danny, being that you’re a writer and likely have more time to analyze things and then write a cohesive article n the subject, would it be possible for you to write a NEW article that outlines just why these permissions MIGHT ACTUALLY be needed as opposed to your paranoid view of why Facebook should care at all about you as a person?  Maybe there are actual, legitimate reasons for these permissions.  Maybe Facebook ISN’T the Devil but rather is just limited in how they can possibly word things to make lawyers happy as well as the paranoids of the world.  Maybe it’s Google’s fault that Facebook needs to go through these hoops in order to function on Android.  
This comment is about all the time I want to waste on this.  I am not important enough for Facebook to care about.  I also don’t take part in illegal activities so they’re free to know whatever they want about me.  They will be quite bored in 20 minutes and move on.

Danny Brown
11 months 6 days ago

docfox The problem is, other services with the “same” set-ups don’t require the Read and Write part (compare to Twitter, for example). Also, the majority of “average Joe” users won’t know about apps that deal with Permissions, etc. Nor should they be expected to, if developers and vendors played straight from the start.

11 months 6 days ago

Hi Danny
If we are to believe facebook, the sms issue is just for the initial activation message. ‘if’ being the key word. I am sure you are aware of permission manager which can modify ap permissions, post instal. eg https://play.google.com/store/apps/details?id=com.gmail.heagoo.pmaster

On Guinea Pig Brawls, Facebook for Android, and Games with Kids - California to Korea | and back again...
11 months 27 days ago

[…] So I continued using the old app until it expired, and Facebook automatically switched to the new one.  When I realized this, I deleted it off my phone.  I share a lot of info on the internet, and as a general rule, I’m not paranoid.  But I’m not voluntarily giving permission to Facebook to control/monitor my life.  Here’s an article on the same subject: Facebook for Android and Why Zuckerberg Now Owns Your A$$. […]

Facebook for Android and Why Zuckerberg Now Own...
1 year 15 days ago

[…] Your privacy, and how you place it in the Facebook ecosystem, is something Facebook is counting on you to ignore. The choice is yours.  […]

Facebook for Android and Why Zuckerberg Now Owns Your Ass | PingPal
1 year 15 days ago

[…] 21, 2014 Fredrik Beckman — No Comments Full article found here: Facebook for Android and Why Zuckerberg Now Owns Your Ass Your privacy, and how you place it in the Facebook ecosystem, is something Facebook is counting […]

Facebook ed il trattamento dei dati personali in Italia e negli Usa
1 year 20 days ago

[…] farlo ho preso le immagini condivise da Danny Brown nel suo articolo e le ho messe a confronto con quelle del mio cellulare durante l’installazione della App di […]

Perché ho deciso di disinstallare Facebook dal mio smartphone Android
1 year 22 days ago

[…] proseguo dell’articolo che se vuoi puoi leggere qui, Danny Brown critica il comportamento di Facebook, ritenendolo troppo intrusivo della sfera […]

Danny Brown
1 year 23 days ago

ScottAyres  If the piece was about the Messenger app, I’d agree (and there’d also be no article, given I’ve written previously about the Messenger app, as linked to in the post). But it’s about the main Facebook app – and, given Facebook’s recent announcement they’re removing messaging from the main app to force you to use Messenger, there’s even less need for some of the Permissions highlighted in the piece.

1 year 25 days ago

Maybe I’m the only one that could care less about privacy as I don’t see a big deal here. Seems like pretty standard permissions if I want a messaging app to be able to message people on my contact list…

1 year 26 days ago

@Chris  The problem with that argument is that it is so pervasive that in some fields you are essentially cutting off your nose to spite your face.

If you walked into Walmart you wouldn’t expect to have to give over your communication details in order to buy a pint of milk. Any person would turn round and say that that is excessive and an invasion of privacy. However because it’s an app on android, the rules suddenly change. All of a sudden you’re put in a position of having to make the choice of convenience over potential safety issues associated with giving away too many rights.

This issue isn’t just related to FB. There are plenty of apps out there that request access to rediculous things that they have no business needing. Yes you can choose to leave them out, but if you walk down that route too far you might as well become a hermit in a hole for all the good it will do you.

The solution is better guidance and enforcement. Why does FB need this? If they can really justify it, then sure. Otherwise they should be influenced to stop it – or at least give you more control over your data.

Beyond that, how many teenagers do you know who would say “no” to these terms in today’s culture and what that would mean in their social standing. There is such a thing as coercion, and their current track is very close to that.

1 year 26 days ago

Danny Brown StuartHarland  I guess it comes down to the difference between “need” and “want”. They are justifying it from the point of view of simplicity – supposedly it’s far easier for them to write some code that reads texts from them to confirm you are logging in from your phone than using some interaction between the phone, the user and the app. However when you use two stage authentication with say a laptop – or any other device other than the phone you have registered with facebook for that matter – you have to do precisely this. Ergo ultimately this argument about two stage authentication is somewhat mute and involves extra overhead without any real justification. 

As a result I would agree with you that their excuses are duplicitous, although that shouldn’t necessarily be translated as “FB want to read every SMS and record every phone call for ulterior motives”. 

Ultimately it’s really about marketing. Facebook for android is basically trying to tie you into their platform for everything you do on the phone. There is a reason they want you to send SMS via their app, or initiate your phone calls through FB as opposed to via the phone’s inbuilt contact list. That reason is marketing. If you come out of FB to use your phone as a phone, you’re not exposed to their ads. Thus they make less money. 

Personally I do not want those features – which is why I have them disabled in the app. However unfortunately there are people out there who do. As a result there is no middle way in Android to say “oh he doesn’t like that so we can disable it”. There should be and it’s mostly Google’s fault for designing it that way. 

In terms of the moral bit, I’d imagine the UK data commissioner and most likely the EU Commission would be interested in what is and isn’t acceptable here – They have mandated tracking should be optional for the web. Perhaps they should do something similar for phone apps. After all the current design paradigms for android are “either accept it and use the app” or “deny it and lose out”.

Danny Brown
1 year 26 days ago

DenzilDoyle  I have several, and the only one that had the same type of language as the Facebook one was Aviate, which I deleted.

Danny Brown
1 year 26 days ago

StuartHarland  To a degree, yes, I agree, Stuart – the Android marketplace is certainly less controlled than the Apple’s equivalent. Yet speaking to devs who work in both, their overarching agreement is that Facebook is duplicitous in the Permissions their app asks for. Their explanation boils down to the need to read for security with regards two-step log-in; yet this feature is markedly missing from Twitter, for example, who only read the Receive Texts option.
Given the news that Facebook are removing chat from the main app and forcing people to download Messenger, Facebook’s reasoning it’s needed for that function has lost its validity.

1 year 26 days ago

Whilst I can understand why you have some concerns – the idea that they can access all of your data without oversight is slightly concerning – the premise is more about their idea of integration than accessing everything you ever do. For example FB messenger can send and receive SMS in place of your normal phone’s capability.  Someone decided that that was a desirable function hence them needing access some of the stuff they request.

The trouble you get with that is that android market place doesn’t give you the option to limit certain privileges. Ergo they either ask for all of what they need to do certain things, or they ask for none of them and have to leave out the above functionality entirely. Unfortunately when you install the app, there is no way to say “oh I don’t want that bit” and disallow the privileges required to make that bit work. This is a flaw with android, not Facebook. Android would say “we can’t do that” because it would make application install far more complicated and they have to cater for the Luddites out there.

1 year 26 days ago

I am totally confused how much social apps do you have on your phone? Zero? Most social apps have some of the same privacy messages you showed in the screenshot above. These messages are not specific to Facebook, Google can also reads read your message and contact and call logs.

1 year 27 days ago

Danny Brown JamieCragerYes he did. It is poorly substantiated and some of his points are redundant. It is obvious he wrote the post in 5 min. just to get it live and be the first to write a post on it. With that said, between us, I’m sure we could come up with much better reasons like “adding friction, instead of less” to the argument, however if it is true that it will allow a kinder privacy policy on the main app, people may like it. I’m sure you can make great cases either way.

1 year 27 days ago

Danny Brown JamieCragerYa, that’s what I thought. If you know anything about tech, social, apps, etc., no one is gonna believe what they are putting. out. I agree, a unified & simplified app is less resistance.

Danny Brown
1 year 27 days ago

JamieCrager  Wow, just read the Mashable piece – that author sure took some heat in the comments.

Danny Brown
1 year 27 days ago

JamieCrager  “Making it less of a friction experience”? They actually expect people to buy that twaddle? Less friction would be the ability to interact as seamlessly as possible regardless of channel – app, mobile Facebook, or desktop. Having to witch between apps to experience the same platform? Yeah, that’s really frictionless…

1 year 27 days ago

Hi Danny, here is an update, don’t know if you saw this-

I think they are going to get around it by removing messenger from the main Facebook app, that way they can have 2 privacy policies, one for those that value it (to a certain extent) on the main app and those that don’t care (separate messenger app). Facebook doesn’t say this in the post as they give a spin type answer that most tech savvy people won’t buy. The ironic thing is that some people are not happy about this, thus this Mashable post. 

Anyways, onward my friend. 

Danny Brown
1 year 27 days ago

rajatkhanduja  There’s a difference between call access and read access. Twitter doesn’t need read access, they simply use receive texts as the datapoint; so it seems Facebook is making users adhere to non-essential Permissions. And given the news that’s they’re removing the chat feature from the app to force you to use Messenger, it seems a deliberate move to access more data.

Danny Brown
1 year 27 days ago

@Chris  As you can see from the post, Chris, I did uninstall. The article was written to highlight the new Permissions to users that may not be aware of it. Speaking of ToS, do you read every single word of every single ToS for services, apps, installs, CMS’s, etc, that you use? Since, if you do, you’d be about the only person on the planet that does. 
Thanks for the tips.

1 year 27 days ago

Facebook’s access to this information is, like all apps, opt-in. You Opt-in when you choose to use the service. Don’t like it? Uninstall! Everyone should quit whining about all of the “invasion of privacy” garbage and read the TOS and requested permissions. They are very clear in the permissions about what you are allowing them to do. Nothing is hidden. If it bothers you, then don’t use the service. If you feel they are asking for to much data, too bad. If you choose to use Facebook, the you choose to give them your life story. It’s not Facebook’s fault you were too big of an idiot to read what you were getting yourself into.

1 year 27 days ago

Done Euphony101

1 year 27 days ago

I_am_me_who_RU Lilith_VvvV AnonVengeance Pl send this to all Anons. Such demons must be brought to justice & made to pay a bitter price.

1 year 27 days ago

Lilith_VvvV Euphony101
thank god I don’t have that on my phone very creepy but yet no surprise ty Sis AnonVengeance