Taking a backup of personal data from Facebook
Kurt ‘the CyberGuy’ provides an insight into the ‘Fox & Friends.’
The news that Facebook’s Android app is the collection of call and sms history is still a black eye for the social media giant. But why is Facebook able to siphon out the records of who the users are contact — and when — in the first place?
The short answer: Because Google. The longer answer: it’s complicated.
The social network acknowledged on Sunday that it began with the upload of calls and sms logs of phones that run on Google’s Android system in 2015 — the first via the Messenger app, and later through an option in Facebook Lite is a stripped-down version of the main app. Facebook added that only those users who gave the correct rights were affected, that it does not collect the content of messages or calls, and that users can opt out of the collection of data and the stored logs are deleted by changing their app settings.
Facebook did not respond to multiple requests for more details. The a kerfuffle about this to collect data, first reported by the website Ars Technica , and follows a week of turmoil for the social network, which charges that it allowed political consultants to steal the data of 50 million users in order to influence elections.
There is a reason Facebook actions were restricted to Android phones. Apple locks down app permissions tight, that it offers more protection of the privacy for iPhone users. “Apple’s fundamental approach is to collect the minimum amount of information to keep the service running, and keep customers in control of the information,” said Rich Mogull, CEO of security firm Securosis.
But Android is already much more permissive.
Until recently, in fact, Google will let app developers get access to a phone is call and text logs. All they needed was an app which requires access to contacts. Once the users agreed to it, Android would be the provision of access to these communication history.
Beginning in 2012 with the Jelly Bean version, Android would notify people installing such apps that they were also giving apps access to their call and text logs, but are still required to agree to all permissions at once. The rejection of the request referred to in the apps would not work.
It was not until 2015 when Google released Android 6.0, called “Marshmallow” that Android phones will eventually split-up of these rights. That meant that users can agree to share contacts, but to refuse the access to their messages and phone histories.
That is the same year, Facebook says the apps have started to collect this information. But many Android users who do not have the latest version of the software. In fact, they often can not get, even if they want it.
Apple is the owner of both the software and hardware for the iphone, which makes it possible to create new versions of its iOS operating system. Google, by contrast, is largely at the mercy of both mobile providers and hardware makers when it comes to the distribution of new Android versions.
There are nearly 20,000 Android phone models now in service, and carriers such as customizing the software for each to ensure that the work runs as smoothly as possible on their networks. As a result, the new Android versions of users to achieve very slowly.
As of January, about 65 percent of the iPhone users were using the latest iOS software, which was introduced in 2017. Less than 1 percent of the Android devices that currently make use of the latest version of Android, known as “Oreo.” (Many of them are the owners of Google’s new Pixel-based phones, that software updates from Google.)
Slightly more than half of all Android users are using the two previous versions, to which they point, in particular, the parts of the communication logs. In October last year, Google began forcing all apps to follow the new rules when they issue updates, even on phones with older versions of Android.
All that leaves two big questions unanswered. Why Google has set the Android permissions this way? And how many other apps have taken advantages of the same setup?
Experts and privacy advocates say that the answer to the first question is likely to be related to Google’s ad-based business model, which — like Facebook — depends on collecting detailed information about users in order to target them with tailored ads. Apple, meanwhile, derives its profit from the sale of devices and services, such as the Apple Music.
Another possible factor: Android is playing catch-up with Apple for many years, and was eager to attract app developers to achieve parity with the Apple App Store. Some app developers may have found better access to the data of the user on the Android attractive, as Facebook did.
Experts say that it is not clear whether other apps are going as far as Facebook in terms of tracking the call history and texts, but it is quite possible.
“In a lot of ways, Facebook is the tip of the iceberg,” said Bob O’donnell, chief analyst at Technalysis Research. “There are plenty of other people who have this kind of data to collect.”
It is unclear how many apps to get access to call logs so far, or how many users’ call logs sent to app developers. A Google spokesman declined to comment.
A big Android phone maker, expressed uncertainty about its role in the protection of the privacy of the user. “At this time, the nature of the data breach is unclear, so it is difficult to comment on the cause or the solution”, LG Electronics, Inc. said Tuesday in a statement.