Facebook has been scraping the metadata of calls and messages sent from Android phones for a long, long time. We’re only finding about it now because of the backlash from the Cambridge Analytica saga.
As Facebook faces backlash against its latent role in the Cambridge Analytica data mining scandal, users of the social media platform have been deleting their accounts. Some of them have been filing away archives of their account contents and activities for record-keeping purposes.
A few of the archivists have taken the time to dig into their ZIP files and found metadata of every call and SMS sent and received, including the time and duration of the call, whether it was picked up or not and contact information about the subjects. The common thread between all of them? They own Android devices.
Facebook responded to an inquiry by Ars Technica about its data harvesting policy as such:
The most important part of apps and services that help you make connections is to make it easy to find the people you want to connect with. So, the first time you sign in on your phone to a messaging or social app, it’s a widely used practice to begin by uploading your phone contacts.
Facebook Messenger blatantly allows users to link their phone number and contacts to the app, but the Facebook app has had tacit access to privileged information such as call and message data on Android devices with version 4.1 Jelly Bean or older. For the longest time, the Facebook app was targeted for devices with Android 4.0 Ice Cream Sandwich or older until October 2017 when Google ended Play Store carriage of apps targeting Android 4.0 — the latest stable version of the Facebook app targets Android 4.0.3 Ice Cream Sandwich.
iOS has never allowed background access to local call and message data.
Since Marshmallow, Android has prompted users to allow or decline elevated permissions for apps at the time of request. Google is working to implement a narrower target acceptance where apps can only be carried on the Play Store if there are written for either the current version of Android or the version immediately previous — in the current case, Android Oreo and Nougat.
If you’re curious if Facebook has logged your call data, go to the settings page of your account and, in the General section, scroll down to the link below the main items that reads “Download a copy of your Facebook data.”
