Android permission structure allowed Facebook to harvest our call and SMS logs for years

While going through the data that Facebook has on them, several users discovered that Facebook harvested call and SMS logs and related metadata.


As Facebook grapples with the fallout from the Facebook-enabled misuse of user data by Cambridge Analytica, the social media giant’s data gathering practices are coming under increasing scrutiny.

While going through the data that Facebook has on them, several users discovered that Facebook harvested call and SMS logs, and even logged the duration of calls. We examined our own Facebook archives and found this to be true. You can examine this for yourself by following these instructions.

Android permission structure allowed Facebook to harvest our call and SMS logs for years

Facebook is in deep trouble over privacy breach. Reuters.

This data was harvested from Android phones between 2015 and 2016.

ArsTechnica, who also confirmed these reports, reached out to Facebook for a response. Facebook’s spokesperson basically stated that collecting contacts was done to “make it easy to find the people you want to connect with”. Which is understandable, the spokesperson did not explain why Facebook needs meta data from your calls and messages (duration, time, and even missed calls).

Again, ArsTechnica points out that originally, Android permissions were very vague and readily allowed the sharing of metadata with anyone who asks. And Facebook did ask. Sharing of contact info is explicitly requested during the installation of any Facebook app.

That said, given Facebook’s loose interpretation of user privacy, it’s perfectly plausible that Facebook, silently, took advantage of that Android “feature” and harvested the data to create better psychological profiles on its users.

As noted in the Ars report, Google fixed the permissions in Android 4.1 (Jelly Bean), but it was still possible to gain access to call and messaging logs by deliberately specifying an older Android SDK version. Facebook did exactly that till October 2017, which was when the older SDK was deprecated. Apple has more granular data sharing permissions, so this is not an issue for iOS users.

Playing devil’s advocate, we could say that Facebook simply used the older SDK to ensure compatibility with older Android devices. But does anyone here really believe that Facebook did nothing with that data?

Find our entire collection of stories, in-depth analysis, live updates, videos & more on Chandrayaan 2 Moon Mission on our dedicated #Chandrayaan2TheMoon domain.