Facebook logged phone records from Android users with older devices: reports

Facebook does data breach damage control
Facebook is under scrutiny around the world, for allowing the personal data of millions to be exploited. Influential celebrities are deleting their accounts , along with everyday people. Its founder Mark Zuckerberg is spending big bucks on an apology, but is it too little, too late? Paul Johnson reports.

In the same week Facebook found itself in the middle of a massive data scandal, recent reports indicate that the social media giant has also logged records of phone calls and SMS data from its users with Android devices through an optional service that users may not have realized they’d agreed to.

New Zealand-based software developer Dylan McKay tweeted earlier this week that upon downloading his Facebook data in zip file (which is an option for all users) he claims to have discovered records of phone calls and a historical data of every contact on his phone., including contacts he no longer had, from a period between 2016 and 2017.

After he made the discovery, McKay set up a Google poll to gather evidence from other users who’ve been affected.

So far, just under 900 people have responded to the poll, and more than 20 per cent confirmed they found call records and/or text metadata in their Facebook data archive. Another 74 people responded to the poll saying that MMS data was collected, 106 people responded saying that SMS data was collected, and 104 responded saying that cellular calls were collected.

Story continues below advertisement

READ MORE: Here’s who’s using your Facebook activity to get inside your head

The story was first published by the tech news website Ars Technica on Saturday, who interviewed several Facebook users, and had a member of its staff download their Facebook data archive. Following, this, the site could confirm that the data file downloaded by the staff member contained call logs from a device that individual used between 2015 and 2016, as well as SMS and MMS message data.

Several Global News staff members also requested their data archives as well in the preparation of this story and some found that the contact lists from their mobile devices were recorded in the file. No one noted any text message or call logs in the data files they downloaded.

Ars Technica reached out to Facebook for comment before the publication of its story, who said that the practice was a common one among social networking and messaging apps.

Story continues below advertisement

“The most important part of apps and services that help you make connections is to make it easy to find the people you want to connect with. So, the first time you sign in on your phone to a messaging or social app, it’s a widely used practice to begin by uploading your phone contacts.”

Following McKay’s tweets, other users came out on social media expressing similar concerns about what they discovered after downloading their data archives.

It’s important to note that uploading your Facebook contacts is an optional feature for which users must provide consent. Furthermore, users have the ability to terminate this consent at any time to prevent the app from continuously uploading their contacts through their general settings, and can delete data they’ve already collected from the platform.

“Contact uploading is optional. People are expressly asked if they want to give permission to upload their contacts from their phone — it’s explained right there in the apps when you get started. People can delete previously uploaded information at any time and can find all the information available to them in their account and activity log from our Download Your Information tool,” said Facebook in a statement to the Guardian.

In recent years, the company has updated this process to clarify that when requesting access to your contact list, it intends to access all call logs and SMS text messages as well, but Android users in the past may have unknowingly given Facebook access to this data.

Story continues below advertisement

READ MORE: How Cambridge Analytica’s use of 50 million Facebook users’ data turned into a scandal

In versions of Android before 4.1 (or more commonly known as Jelly Bean), Facebook obtained access to all call and text data by default after users provided access to their contact information. Android’s permissions were changed in October, 2015 and updated again in 2017 to prevent this practice, but Ars Technica reports that developers could subvert these changes if they wrote apps to previous versions of the API.

Facebook responded to these reports Sunday evening through a post on its news forum. The post states that providing contact information, call logs and SMS logs to the platform is an opt-in practice.

The post also stated that the opt-in feature does not collect the content of calls, that Facebook safely stores the data and that this information is not sold to third parties.

Story continues below advertisement

The same call recording and SMS logging has not been noted on iPhones and other iOS devices.

This revelation comes as Facebook is still reeling from the news that the political consulting firm Cambridge Analytica used data from 50 million Facebook accounts in its work with several political campaigns.

The data was retrieved through a research project conducted by Cambridge University’s Aleksandr Kogan, who’d agreed to use the information for academic purposes only but later handed it over to the firm.

READ MORE: Elon Musk deletes Facebook pages of Tesla, SpaceX after data scandal

The fallout has forced CEO Mark Zuckerberg, who’s stated in several interviews that Facebook supports greater regulation of the internet and recently took out full-page ads in several British and American newspapers apologizing for the “breach of trust.”

In recent weeks however, the #deletefacebook movement has taken off, with “delete Facebook”  and “how to completely delete a Facebook account” Google searches spiking over the past week.

Global News reached out to Facebook for comment but has not yet received a response.