The new app permissions on Facebook's messenger app has the internet in a stir this last week. Concerned friends, family, and customers are actually emailing us asking if all the news surrounding the "crazy permissions" thing is true about Facebook messenger - so much that it's time we write an article to address it and clarify a few things.
It's basically all true...
Yes, basically it's completely true. Facebook messenger has permission to do almost everything on your phone (if you're an android user). But what does that actually mean? First you need to understand a few things about app permissions. Facebook's messenger app isn't really that different from any other messaging app permissions although being three pages long I guess it can intimidate some people. Here's the list of permissions Facebook's new messenger requires.
Facebook messenger app permissions, page 1
Facebook messenger app permissions, page 2
Facebook messenger app permissions, page 3
It seems like a lot of stuff to be required for a little app you use on your phone to chat with friends, doesn't it? In reality, its all pretty standard stuff. Let's quickly delve through them one at a time so they make sense.
Why some of these app permissions exist
The way Android is coded, an app can't use a particular feature of your phone unless it has permission to use that particular part. For example, some apps might be able to use your phone contact list, but not your camera. That basically means you couldn't ever snap a photo and send it to a person using that app because the app is prohibited from accessing the camera. We know EVERYONE uses Facebook to post photos of all kinds of things, so that's an obvious one most of us are OK with, but some of the others might not be so readily apparent.
Identity:
Why does Facebook need your Identity information? Don't worry, Facebook already HAS your identity information if you have a Facebook account. They probably know more about you than any other company on the planet from a marketing perspective. But as far as WHY the app needs to know who you are - that's simple. Facebook messenger needs to know how to separate you from other people in your phone. Simple enough.
Contacts/Calendar:
Facebook messenger has the ability to cross reference your phone's internal contact list with your Facebook account's contact list. It can then let you know who the people are that you could be chatting with on Facebook messenger if you connect with them on Facebook.com. Since you can only chat with "friends" on Facebook, this is a way for them to urge you to add friends you haven't already friended on Facebook previously. You might look down one day and see "Oh, John from back in High School (who is in your contact list on your phone) has Facebook too. How cool. I should reconnect with John and say hi one of these days." And there you go... Facebook is shaping the way you communicate.
Most messaging apps use this feature, but here's a word of advice. The first time you launch Facebook messenger it's going to prompt you to "sync" contacts. Personally, I wouldn't do it. I have over 700 personal, business, and family contacts on my Exchange account on my phone. They are all people I interact with on somewhat of a regular basis. I have another 900 people or so people on Facebook. Assuming that there's a significant overlap between the two, there might be 300 people on my Facebook account that aren't in my phone's contact list. I don't want Facebook adding 300 more people to my phone's internal contacts! That's a no-no for me. I always deny this permission in ANY messaging app. If I want to call someone, I choose to just use the regular phone part of my smartphone. (Gasp! So very muggle of me, I know!)
As far as Calendar access, that feature allows the Facebook messenger app to sync your Facebook Events to your internal calendar. If you've joined a Facebook event on August 15th for the annual family reunion, you can now see that appointment in your phone's local calendar without having to check another calendar. If you don't use or interact with Facebook events, this is something you'll likely never see occur on your phone.
Location
This one is already present in the other Facebook app as well as in your phone's other apps, such as your camera. Yes, even your camera has access to your GPS coordinates. Why? There are a few reasons:
- Facebook can correlate your photo GPS location to it's address database and offer to tag your photo as "At Krispy Kreme, Greensboro, NC" when you post it.
- They can integrate photos with the check-in feature, auto-showing you as at a particular location when you post the photo.
- They can be "helpful" and remind you where you were five years later when you look back and can't remember where you took that picture. Oh yeah, I took that photo at the Grand Canyon back in March, 2014.
Your phone is already tracking this information anyway unless you have your phone's GPS COMPLETELY turned off. (Most apps now can turn it back on long enough to get a location, then turn it back off again in case you didn't know.)
If you ever copy a photo from your phone to your computer, you can see this information in the photo's metadata. Right click a photo you've uploaded from your phone, choose Properties, then the Details tab, and then read what's there.
GPS data included in the photo I took, even when the GPS was off.
That information above shows you where I was when I took a photo of my dog the other day, and is even complete with altitude, though the altitude is about 400 feet off in that given photo. I was actually at an elevation of 687 ft. (I only know that because I know my house's elevation relative to sea level.. I'm curious that way.)
SMS
Like many other apps, Facebook has two-factor authentication, meaning it can be used to securely prove you are actually yourself and not an impostor. That's one reason for this feature. Another of Facebook's features on the website allows you to add a phone number to your account, in case you ever need to reset your password. Here's the reason Facebook says they use SMS permissions, right from their help pages. "
| If you add a phone number to your account, this allows us to confirm your phone number automatically by finding the confirmation code that we send via text message. |
Well, there you go.
Phone
This one should be common sense. If you have contact sync turned on you can go right from the chat screen and make a phone call to the person you're chatting with. Facebook knows "mom" is linked to a specific Facebook account, so maybe it's too much to type here on messenger... I'll just call her and explain it to her. Click... you're now on a call with the person. (Again, I disable the contact sync, so this feature won't work unless my mom has her phone number listed as viewable to friends in her Facebook.com permissions on the website.
Camera/Microphone
Facebook allows you to send pictures to people via messenger. It always has. This is the permission that allows that to work. As far as the need to access the microphone, they also allow you to initiate video calls and to voice-to-text messages. These are what make that possible.
Wi-Fi Connection Information
This is another one that's self explanatory to the geeks out there but confounding to others. Many apps sync a lot of data, especially Facebook. Rather than always using your carrier's data package, the app can choose to locate and utilize wi-fi so it doesn't affect your phone's data package. If you have the regular Facebook app and you ever chose to sync your photos, you'll be glad this feature works. I keep mine disabled, so this feature doesn't work for me either. If I want to see Facebook photos, I'll go to my Facebook account, not my phone's gallery. If I tried to let my phone's gallery synchronize the 20,000+ photos on Facebook, I'd have no data package left AND no internal storage left on my phone.
Device ID and Call Information
Again, this simply allows Facebook to confirm the device it's talking to.
True or False? Is this bad?
Whether all these collective things are "bad" is up to you to decide. If you're one of those that believes big brother is watching everything you do, my suggestion is that you stop owning smartphones. They're called that for a reason. They were DESIGNED to do this. None of these features are out of line with what the providers have always intended to do - collect as much information as they can about everyone for marketing, demographic, and product enhancement purposes. It's also important to know that none of these features are uncommon. Most every vanilla app out there today collects the same information. It's only in the news because Facebook did it and because Sam Fiorella wrote an article about it back in December on the Huffington Post about it and called the app "insidious." As a former subject of the scrutiny of the Huff P myself, I know for a fact their editors half the time have no idea what they're spouting off about.
If you REALLY want to be concerned about what Facebook knows, there are way more intrusive things than this app. For example, Amazon and Facebook have a love-love relationship with each other. Go to Amazon and search for something you've never had any desire to buy... ever. Spend a few minutes on the web site searching out midget-halter-tops or something. Click through some products related to what you're looking for. Now, go back to Facebook over the next week and you'll be amazed to see both news stories, product placements in your news feed, and ads on the right side with EXACTLY what you were just searching the net for yesterday. Wow, amazing how they do that huh? Facebook just knows.... No, they track... everything.
Love it or Lose it
And finally, it should be noted that Facebook currently supports three ways to chat with friends using messages. You can login to the Facebook.com web site through your phone's browser, which will give you a full featured experience, including messenger. You can use the regular Facebook app that has messaging capabilities already. You can use Facebook Messenger. Or god forbid you could actually pick up the phone and CALL someone!
In case you don't already know, Facebook is intentionally removing the messaging component from their other Facebook app in the very near future. If you want to continue to use the messaging capabilities you will have to use the messenger app or your phones web browser. Ninety percent of us out there will just use the app, because the browser experience just isn't as friendly on a phone's screen.
Why, oh why would they do this? Because nothing is free. Facebook didn't get to be a multi-billion dollar company by doing ANYTHING for free. No one pays out hundreds of millions of dollars in programmer's salaries just because they want everyone to chat for free. They want the marketing demographic data behind those conversations to leverage the information for advertising purchases. Facebook knows the age, gender, location, and shopping preferences of almost every user (and there are over a billion of them). If Tampax decides they want to run a massive ad-campaign targeted at women between the ages of 18-22, that are in college, live in the US, and specifically tend to be located around Denver Colorado, they go to Facebook to place that ad because Facebook can put the ad in front of exactly who they want to see it, not just randomly throw it out there in a newspaper-style and hope the right demographic get the ad served to them. This is the mystery behind the "free" stuff. If you want free, they're going to charge someone else for it - namely the advertisers.
A comparison of apps
I could spend all day going through the other apps that are just like this on your Android phone, but I picked one to compare it to. Google + is probably the closest thing to a direct competitor for Facebook for messaging on the Android system, and it's made by the company that makes your phone, so let's take a quick look at what that app has permission to do.
Google + Permissions
- find accounts on the device
- add or remove accounts
- modify your own contact card
- read your own contact card
- read your contacts
- modify your contacts
- approximate location (network-based)
- precise location (GPS and network-based)
- write call log
- read call log
- test access to protected storage
- modify or delete the contents of your USB storage
- take pictures and videos
- record audio
- read phone status and identity
- read your social stream
- read subscribed feeds
- receive data from Internet
- write to your social stream
- access Google Photos data
- write subscribed feeds
- download files without notification
- set wallpaper
- prevent device from sleeping
- control flashlight
- view network connections
- control Near Field Communication
- use accounts on the device
- change your audio settings
- read Google service configuration
- toggle sync on and off
- pair with Bluetooth devices
- full network access
- modify system settings
- read sync settings
- control vibration
You want scary? Let's talk a second about controlling Near Field Communications. That's the feature in some Androids (like my Note 3) that allows data to be sent between two devices just by being in close proximity to one another. The fact that Google's chat program can turn that on and off as well as initiate a pair with a bluetooth device should scare the hell out of you if the Facebook messenger app worries you. Couple that with modifying and deleting contents of your storage devices and..... (I love this one)... controlling your flashlight! An insidious (to borrow Sam's word) mind could easily picture someone with the right technology initiating a bluetooth or NFC pair to your device without your knowledge, downloading all your phone data without your knowledge, deleting it after they're done, and then locking your flashlight on to kill your battery so you can't call the NSA to tell them you've been the victim of foreign espionage! Sheesh!
But somehow no one cares that every Android phone has Google + installed...
Written by Tommy Jordan
CEO, Twisted Networx
August 9, 2014
