Facebook logged phone records from Android users with older devices: reports

In the same week Facebook found itself in the middle of a massive data scandal, recent reports indicate that the social media giant has also logged records of phone calls and SMS data from its users with Android devices through an optional service that users may not have realized they’d agreed to.

New Zealand-based software developer Dylan McKay tweeted earlier this week that upon downloading his Facebook data in zip file (which is an option for all users) he claims to have discovered records of phone calls and a historical data of every contact on his phone., including contacts he no longer had, from a period between 2016 and 2017.

After he made the discovery, McKay set up a Google poll to gather evidence from other users who’ve been affected.

So far, just under 900 people have responded to the poll, and more than 20 per cent confirmed they found call records and/or text metadata in their Facebook data archive. Another 74 people responded to the poll saying that MMS data was collected, 106 people responded saying that SMS data was collected, and 104 responded saying that cellular calls were collected.

The story was first published by the tech news website Ars Technica on Saturday, who interviewed several Facebook users, and had a member of its staff download their Facebook data archive. Following, this, the site could confirm that the data file downloaded by the staff member contained call logs from a device that individual used between 2015 and 2016, as well as SMS and MMS message data.

Several Global News staff members also requested their data archives as well in the preparation of this story and some found that the contact lists from their mobile devices were recorded in the file. No one noted any text message or call logs in the data files they downloaded.

4:39 How did Facebook respond to the data breach?

• How did Facebook respond to the data breach?
• Victoria mayor calls it quits on Facebook
• Canada’s political parties using Facebook to target you
• Liberals slam Conservatives for 240 Facebook ads to attack 16 MPs
• Companies like Facebook need to take more responsibility
• Are Facebook users also to blame for the data breach?
• Mark Zuckerberg vows to do ‘full forensic audit’ following Facebook data breach

Previous Video

Next Video

Ars Technica reached out to Facebook for comment before the publication of its story, who said that the practice was a common one among social networking and messaging apps.

“The most important part of apps and services that help you make connections is to make it easy to find the people you want to connect with. So, the first time you sign in on your phone to a messaging or social app, it’s a widely used practice to begin by uploading your phone contacts.”

Following McKay’s tweets, other users came out on social media expressing similar concerns about what they discovered after downloading their data archives.

It’s important to note that uploading your Facebook contacts is an optional feature for which users must provide consent. Furthermore, users have the ability to terminate this consent at any time to prevent the app from continuously uploading their contacts through their general settings, and can delete data they’ve already collected from the platform.

“Contact uploading is optional. People are expressly asked if they want to give permission to upload their contacts from their phone — it’s explained right there in the apps when you get started. People can delete previously uploaded information at any time and can find all the information available to them in their account and activity log from our Download Your Information tool,” said Facebook in a statement to the Guardian.

In recent years, the company has updated this process to clarify that when requesting access to your contact list, it intends to access all call logs and SMS text messages as well, but Android users in the past may have unknowingly given Facebook access to this data.

In versions of Android before 4.1 (or more commonly known as Jelly Bean), Facebook obtained access to all call and text data by default after users provided access to their contact information. Android’s permissions were changed in October, 2015 and updated again in 2017 to prevent this practice, but Ars Technica reports that developers could subvert these changes if they wrote apps to previous versions of the API.

5:23 Is it time to #DeleteFacebook?

• Is it time to #DeleteFacebook?
• Facebook under pressure over data mining scandal
• Trudeau says Liberals take privacy, Facebook scandal very seriously
• Liberals have contacted Facebook, investigating data compromise
• Opposition hammer Liberals over Christopher Wylie, Facebook scandal
• ‘I’m not on a crusade against Facebook’ says Cambridge Analytica whistleblower
• How to protect your Facebook account
• Can Facebook recover from the data breach scandal?
• Canada’s privacy commissioner investigating Facebook data breach
• U.S. senators call on Facebook’s Mark Zuckerberg to testify amid data controversy

Previous Video

Next Video

Facebook responded to these reports Sunday evening through a post on its news forum. The post states that providing contact information, call logs and SMS logs to the platform is an opt-in practice.

The post also stated that the opt-in feature does not collect the content of calls, that Facebook safely stores the data and that this information is not sold to third parties.

The same call recording and SMS logging has not been noted on iPhones and other iOS devices.

This revelation comes as Facebook is still reeling from the news that the political consulting firm Cambridge Analytica used data from 50 million Facebook accounts in its work with several political campaigns.

The data was retrieved through a research project conducted by Cambridge University’s Aleksandr Kogan, who’d agreed to use the information for academic purposes only but later handed it over to the firm.

The fallout has forced CEO Mark Zuckerberg, who’s stated in several interviews that Facebook supports greater regulation of the internet and recently took out full-page ads in several British and American newspapers apologizing for the “breach of trust.”

In recent weeks however, the #deletefacebook movement has taken off, with “delete Facebook”  and “how to completely delete a Facebook account” Google searches spiking over the past week.

Global News reached out to Facebook for comment but has not yet received a response.