Many Facebook users have been surprised by the extent of the company’s data collection.
As the Cambridge Analytica scandal unfolded over the last number of days, numerous people have been deleting their Facebook accounts in the wake of the revelations.
The inadvertent sharing of 50m users’ personal information with the political consultancy firm has left many feeling wary of the social network.
Facebook recently took out full-page ads in a number of newspapers apologising for the misuse of personal user data by third-party apps, but it seems the fallout is not yet at an end.
A report from Ars Technica published on 24 March alleges that Facebook was collecting call and SMS metadata from Android phones in a surreptitious manner.
A New Zealand man, Dylan McKay, had downloaded his data archive from the site and was distressed when he discovered approximately two years worth of phone call metadata from his Android handset, including names, numbers and call duration.
Numerous other users spoke to Ars Technica and reported similar findings, with many saying that they found SMS and MMS messaging data as well as call information.
Android permission structure allowed collection of data
It appears the app only got access to this information due to Android’s permission structure.
If you gave the social network permission to read your contacts prior to the release of Android Jelly Bean, this allowed the app to collect data until that particular Android API was deprecated by Google in October 2017.
In a statement responding to the reams of metadata found by concerned users, Facebook stressed that this text and call history recording was an ‘opt-in’ feature for Facebook Messenger and Facebook Lite and it had to be expressly agreed to by the user. The company also said that turning the feature off in the affected app’s settings would delete that information. It reiterated that it does not collect the actual content of texts, calls or other conversations.
The company said: “You may have seen some recent reports that Facebook has been logging people’s call and SMS (text) history without their permission. This is not the case. People have to expressly agree to use this feature.
“Call and text history logging is part of an opt-in feature for people using Messenger. While we receive certain permissions from Android, uploading this information has always been opt-in only.”
If users are concerned about their privacy when it comes to apps, sharing address book and call log information with any mobile application is not advised. It is also worth examining your Facebook data archive as it shows you a list of advertisers that the social network has shared your contact information with.
Was it truly opt-in?
Ars Technica did note that in some cases, the ‘opt-in’ was the default installation mode for the Facebook app and was not a separate notification about the collection of data.
Facebook began seeking concrete permission from Messenger and Facebook Lite users after criticism in 2016 about the vague wording surrounding the SMS services’ opt-in, which did not mention anything about retaining metadata.
Users can delete all their previously uploaded contacts by turning off the continuous uploading setting in Messenger, and permanently deleting an entire account will also result in contacts no longer being uploaded and the deletion of all previously uploaded contacts.
The metadata would ostensibly have been collected to help users locate friends on Facebook and aid algorithms in the presentation of content for each individual user.
Updated, 09.54am, 27 March 2018: This article was updated to remove speculative language around how the data was collected by Facebook.