Facebook scraped call, SMS data for years from Android phones. iPhones never allowed this.
When you think there’s something lurking in the dark, you turn on the lights. And, now that Facebook‘s data harvesting, hoarding, and exploitation is being lit up by the internet version of the Bat Signal, more and more problems are being discovered. Most recently: That Facebook was scraping call and SMS logs of Android phone users.
And yes, this is what happens when neither your operating system nor your app care about your privacy.
This past week, a New Zealand man was looking through the data Facebook had collected from him in an archive he had pulled down from the social networking site. While scanning the information Facebook had stored about his contacts, Dylan McKay discovered something distressing: Facebook also had about two years worth of phone call metadata from his Android phone, including names, phone numbers, and the length of each call made or received.
Others reported finding the same, and Ars was able to independently verify the data collection.
If you granted permission to read contacts during Facebook’s installation on Android a few versions ago—specifically before Android 4.1 (Jelly Bean)—that permission also granted Facebook access to call and message logs by default. The permission structure was changed in the Android API in version 16. But Android applications could bypass this change if they were written to earlier versions of the API, so Facebook API could continue to gain access to call and SMS data by specifying an earlier Android SDK version. Google deprecated version 4.0 of the Android API in October 2017—the point at which the latest call metadata in Facebook user’s data was found. Apple iOS has never allowed silent access to call data.
People began looking into the records because of the #DeleteFacebook movement, which followed the revelation that the Facebook data of 50 million users was abused by political data firm Cambridge Analytica.
It’s unclear whether Facebook’s tool to delete contact information would also delete the call and SMS logs. It’s also unclear why this was happening, whether Facebook was intentionally scraping the information for exploitation, or whether it was an unforeseen side-effect of the contact sharing implementation. What is clear, though, is that repeated problems like this form a pattern and a pattern of problems makes negligence indistinguishable from malice.
More recent versions of Android should prevent this kind of data collection.
The salient point is, of course, that iOS never allowed it. This type of abuse was simply never possible if you used an iPhone. Apple built it that way on purpose and it protected its users from privacy violations like this before they ever happened.
Google and Facebook’s business model allow them to give you a lot of great, convenient services for free. Apple’s business model allows them to give you great privacy protections by default.
If you’re concerned about any of this, consider how much, if at all, and in what way you want to continue using Facebook or Android. Everything is a tradeoff. Everything has advantages and disadvantages. But for many, those cost of free-as-in-your-data is becoming too high a price to pay.
Google changed its business practices to settle a 2012 antitrust investigation.
Google told the U.S. government this month that it would continue allowing sites like Yelp to opt out from having their data scraped and displayed in the tech giant’s search results.
Five years ago, Google agreed to cease that practice in order to settle a major antitrust investigation led by the Federal Trade Commission. But the limits on scraping would have expired on Dec. 27 if Google hadn’t decided on its own to preserve them.
“We believe that these policies provide additional flexibility for developers and websites, and we will continue them as policies after the commitments expire,” Google told the FTC in a letter published today.
Google’s renewed commitment comes as the company continues to draw the attention of competition regulators, particularly in Europe, which slapped it with a record $ 2.7 billion fine this year for prioritizing its own offerings over rivals.
But those rivals are still likely to bristle at Google’s decision to preserve its previous pledge on scraping. Yelp, for one, told the FTC in September that Google had actually broken its legally binding promise, charging that the tech giant had actually used Yelp photos in its search results.
“Google should be held accountable and subject to remedies sufficient to ensure its anticompetitive conduct does not continue to harm competition and consumers,” wrote Luther Lowe, the vice president of global public policy at Yelp, in a letter to the FTC at the time.
Google also told the FTC this month that it would preserve commitments it made to satisfy competition concerns about AdWords. In 2012, the company agreed to “remove restrictions on the use of its online search advertising platform,” satisfying regulators’ concerns that the company had made it “more difficult for advertisers to coordinate online advertising campaigns across multiple platforms,” the FTC said.
A Judge today ruled that an analytics company has the right to scrape data from LinkedIn (LI). HiQ, the data gatherer, has been processing publicly available data from LI and using it to train AI models, until May when LI demanded it stop. Scraping is a data-gathering process that pulls relevant information from websites. LinkedIn, a Microsoft owned company, issued a formal letter asking HiQ to stop scraping the site because doing so violated its user agreement. The letter indicated that LI had taken technological steps to prevent HiQ from continued scraping, and that further attempts to circumvent such protections…
This story continues at The Next Web