Facebook Mess

The FUD is fierce as a 9-month-old story paints a scary — but not really correct — view of Android permissions

You can't swing a dead cat on the Internet these days without running into yet another misguided story about how scary Android is, and about how apps have access to do all sorts of scary-sounding things. Making the rounds this week is the rehashing of a December 2013 Huffington Post story by Sam Fiorella, whose byline paints him as a partner with Sensei Marketing, and author of Influence Marketing. It's a scary-sounding (and recently updated and corrected piece, starting thusly:

How much access to your (and your friends') personal data are you prepared to share for access to free mobile apps? I suspect the amount is significantly less than that which you actually agreed to share when blindly accepting the Terms of Service.

Case in point: Facebook's Messenger App, which boasts over 1,000,000,000 downloads, requires the acceptance of an alarming amount of personal data and, even more startling, direct control over your mobile device. I'm willing to bet that few, if any, of those who downloaded this app read the full Terms of Service before accepting them and downloading the app.

Scary stuff, indeed. And this week folks have been blindly reblogging this scary story within an inch of its life, presumably in hopes of keeping scary things from happening and saving the world or something.

Here's the thing, though: These scary stories aren't telling you the whole truth. They're spreading what we call Fear, Uncertainty and Doubt. They're irresponsible, show a distinct lack of knowledge on the way Android permissions work, and frankly they do very little to educate. That's not to say you shouldn't look at an app's permissions before installing it — you absolutely should. But we also need to remember to think about why an app may be declaring the permissions it is.

Let's take a look at what Facebook Messenger is, exactly, up to.

What are Android permissions, and why should you read them?

Facebook Messenger permissions

If you've ever installed an Android app, chances are you've seen its list of declared permissions. Every now and then you'll come across an app that doesn't have to declare any special permissions, but that's generally the exception and not the rule. And moreover, chances are you've quickly tapped through the list of declared permissions so you could just install the damn app. We've all done it. We know better, but we do it.

Permissions are integral to the Android experience. And they're still a little clunky.

So what are permissions? And why does my phone need access to all that stuff? Because they're keeping you safe. Any time an app wants to use a feature that's considered "protected" by the system, it'll have to tell you that it wants to do so. In Android's case, it declares permissions before you install an app. You see them in Google Play. You see them on the device itself any time an app is installed, whether it's from Google Play or somewhere else. If an app wants to use, say, the camera, it must declare it as a permission, otherwise it can't use the camera.

What might an app need permission to access? Your camera, for one. Location via GPS is another. Same for using telephony, network and other data connections (think phone calls, getting online and the like), SMS and MMS (text messaging), and Bluetooth use. If an app wants to use any part of any of those things, it must declare the permission.

And Android has gotten better about permissions as you see them today, simplifying the list and consolidating permissions that shouldn't seem out of the ordinary ("Of course this browser needs Internet access"), making them a little easier to read — but it still has a ways to go in the way it actually explains the permissions. They're still pretty broad and don't really give any insight as to why the app you're installing might need access to those things, and it's not always obvious. They're also still not really written in English (though, again, they're better than they used to be). So they might well sound a little scary, even though they shouldn't be.

And as we're seeing in this latest round of FUD, it's real easy to get folks' knickers in a twist.

Let's look at Facebook messenger's permissions

As we said, you're kind of left to your own devices to decide whether the permissions an app is declaring are scary, or necessary. (Though we'd argue that a company like Facebook probably couldn't get away with sneaking something through for very long, but that's not really the point of this exercise.)

So, let's go through them, one by one, as they're currently listed. (Note that the order is different than what you'll find in that original December 2013 HuffPo FUD piece, and the subsequent reblogs.)

Facebook Messenger permissions — calls

Phone calls

  • Directly call phone numbers. This one's followed by a yellow "This may cost you money" warning, and a little image of coins, again indicating that it could, potentially, cost you money.
  • Read phone status and identity.

Why these permissions: Because Facebook messenger can call people. Or, rather, it can initiate a call. If someone has given Facebook their phone number, you'll be able to call them through this app. At the same time, the app has the ability to see what your phone number is.

Facebook Messenger Permissions — Texting

Texting

  • Edit your text messages (SMS or MMS)
  • Read your text messages (SMS or MMS)
  • Receive text messages (MMS)
  • Receive text messages (SMS)
  • Send SMS messages (This may cost you money)

Why these permissions: Facebook Messenger uses an SMS to confirm your phone number when you decide to give it to Facebook. Note how that works in conjunction with the "read phone identity" permission above. Facebook Messenger also allows you to send a text message or MMS to someone who isn't yet on Messenger. (You have to give it access to your contacts, though, for that to work.)

Camera

  • Take pictures and videos

Why this permission: Facebook Messenger can use the camera to ... wait for it ... take a picture or shoot video.

Microphone

  • Record audio

Why this permission: Facebook Messenger can use your microphone to ... wait for it ... record a message to send to a friend. Or make phone calls.

Facebook Messenger Permission — Location

Location

  • Approximate location (network-based)
  • Precise location (GPS and network-based)

Why these permissions: Because Facebook Messenger, just just about every other social network, uses location for all sorts of things. And there's more than one way to get location on a device.

Contacts

  • Read call log
  • Read your contacts
  • Read your own contact card

Why these permissions: Facebook Messenger is a messenger app, and it has the ability to sync up with your phone contacts. (That's a separate process altogether, but it still has to declare the permission up front if it's going to do any of it from your phone.)

SD card

  • Modify or delete the contents of your SD card
  • Read the contents of your SD card

Why these permissions: Facebook's addressed this one directly already regarding its Facebook proper app, but it's also a pretty standard permission for any app that needs to cache data somewhere. In this case, think your friends' contact pictures. Instead of downloading them every time you use the app, which is slow and costs data, it stores them. (And that's just one example.) And "SD card" is a misnomer (and another example of how permissions can be clunky), because it's not actually talking about a physical SD card.

Accounts

  • Find accounts on the device
  • Read Google service configuration

Why these permissions: Facebook Messenger is a Facebook app. And you know how you're able to use your Facebook account to sign into other things. (Including our Mobile Nations sites, actually.) And if you look in the main accounts settings on your device, you'll see the Facebook service listed here. Thus, the permission.

Network

  • Change network connectivity
  • Download files without notification
  • Full network access
  • Receive data from Internet
  • View network connections
  • View Wifi connections

Why these permissions: This sort of thing often sounds far more scary than it should. First, the obvious: Facebook Messenger needs a data connection. Full stop. That explains most of that there. As for downloading files without notification, ever wonder how Facebook apps sometimes look different even though you didn't actually update the app? There you go. (Not saying we're a fan of that one, by the way. We'd prefer transparency.)

Other permissions

  • Run at startup: Facebook Messenger is a messaging app. In order to be effective, it needs to be open. So it sets itself to run at startup in the background.
  • Draw over other apps: Two words: Chat Heads.
  • Control vibration/prevent phone from sleeping: Pretty standard for notifications in an app like this.
  • Read sync settings: Lets the app see if background syncing is on.
  • Install shortcuts: Again, Chat Heads and your home screen.

Facebook Messenger permissions

The bottom line: Just because it sounds scary doesn't mean it is.

In Android, you accept permissions wholesale — either you install the app, or you don't. That differs from how things work in iOS and Windows Phone, and whether it's a better way of doing things is up for debate. If, say, you tell an app not to send you push notifications in the app's settings, it'll still have the proper permissions to do so. Same thing for text messages here. Even if I don't use Facebook Messenger for that, it still has to declare the permissions — just in case I want to use that feature.

And Google still could do a better job making them more readable for the regular user. Probably the biggest culprit is when you tap on a permission and see it talking about allowing the camera to take a picture "at any time." Really what that means is "we won't ask you again if you want to use the camera when you open the camera, because chances are you're trying to use the camera." (That's different, however, than the roadblock you hit if you have more than one camera app installed. But that's another thing for another day.)

App permissions are important. Be sure to read them. But also think about what an app actually does.

On the other hand, app developers could explain in the app description (or at least link to a web page) why the app is declaring the permissions it's declaring. And many developers do, including us with the Android Central App.

Facebook, for its part, told the Wall Street Journal essentially what we're telling you here: The original HuffPo piece is bunk. In fact, when called out by a commenter, the FUD's author not only basically admits to spreading the FUD, he makes it worse.

I would agree that it's not Facebook Messenger's intention to record audio or take a photo without being initiated (eg. taking/adding a pic to a text msg) but once you give permission for the app to do so automatically, what's to stop a hacker or other app from doing so? We have too much blind faith...that's the point I'm trying to make.

Here's what stops a hacker or other app from doing so, Sam: The permissions system. And also the other malware and security protections Google has in place.

That's not to say Facebook or any other major company is beyond reproach, or that you shouldn't question its motives. We've seen Facebook pull some shady stuff before. But Fiorella is correct in that we shouldn't blindly install apps. Read the permissions. Ask questions. Look at similar apps and see if they have similar permissions. (You'll find many of Facebook Messenger's permissions in, say, Google's Hangouts app.) But be sure to think twice before scaring the hell out of folks and spreading Fear, Uncertainty and Doubt like Fiorella did some nine months ago. And be sure to think twice when you read obviously alarmist stories.

More on permissions

We also recommend reading through:

 

Reader comments

Facebook Messenger permissions: Not as scary as the stories might have you believe

205 Comments

Not that it matters but Facebook keeps all your messages... Forever. It's why they like you to archive and not delete and make it a bit more difficult to delete.

Posted via Ash William's Boomstick

Not true if you delete them with Facebook messager they are deleted and not in the archive. Sounds like you don't have the app

Really, what guarantees do you have that they aren't still on Facebook servers? Did you read the TOS? Seems like you haven't. They are deleted on your side, meaning you can't see them. Doesn't mean that they are not still on FB servers. Snapchat got in trouble for that, and Facebook is much more intrusive than snapchat. Read the TOS and take the red pill.

They actually have to store them for like at least 5 years or so just in case there is incriminating evidence that the authorities may request in the future. Legal stuff. Not a fan of it though.

i've worked quite some time now in IT and number 1 rule in every information technology system is.... NEVER lose data. They may hide it from others, they may hide it from you, but noone will ever delete a single letter you type into any website once you pressed "send" ... and sometimes they even get it without you pressing "send".

Most Systems don't even allow deleting data from a technical point of view so noone deletes something accidently. If you want something deleted it just get's an additional attribute so it doesn't get displayed any more.

Yeah, pretty much. Things are "marked" as deleted, but they are still there.
Now, it'll be archived off after some point, but it never really goes away.

bottom line .. a lot of companies are developing a standard electronic retention (or deletion) policy/protocol ...... chances are everything is archived for a period of time. the policy could call for archive or deletion after 30 days or after 5 years... or it just waits until it's overwritten ...

I agree the HP article is a bit misinformed but this article is a bit of an over simplification about permissions. Put it this way, a good friend is a Google Executive up in Mountain View and they told me they would never allow FB to have those permissions. As such they don't have the app on their phone.

One person (I'm sure there are others) doesn't want to allow FB to have those permissions. That is there personal call. Aside from the potential "risk" due to his specific position, Where he works and what position he has there really means nothing. Understanding permissions and opting to allow or not are all that matters. The permissions of FB are not egregious, they just are.

Point being Google can allow Android to limit app permissions... they choose. not to for a various reasons. sorry but I'd take the inside knowledge of a person who is a senior level person. Oh by the way, they aren't the only person - most at Mountain View don't and that in and of itself says a fair bit.

Now comes the question, if Google has a problem with the permissions(if most of a company has a problem, it's safe to say the whole company) why don't they do something about it?

LOL. As if Google + didn't do this already with Google hang outs and *gasp* Google hangouts has almost the EXACT same permissions! So I guess those Google execs up on mountain view don't have Google hangouts on their phone either...

I bet you can find one person in Google who thinks this Android thing is a fad.
I bet you can find one person at Apple who owns a Windows phone.
I bet you can find one person at the NSA who thinks domestic spying is bad.

I don't know how your comment is an example of anything.

Great article.  Hopefully this clears things up for some people.  I was having a good laugh last night at some of those articles.  I don't think that the writers quite know what exactly "permissions" are.

You know it won't. The voice of reason and sanity often gets shouted down by

OMG THE WORLD IS FALLING!!

Posted via Android Central App

Wonder how many fear-mongers here are Rupugnantcans? Because this has the potential to get fairly contentious, just like what Repubs did for California's Prop 8 battle, when the sky was falling with each new newscycle. Just a thought.

People think that having permission to use your camera or microphone means they are spying on us. Which I'm pretty sure they are.

Posted via Android Central App

Right? My whole issue is the amount of worldwide government taps Facebook knowingly has. I could care less if FB has access to whatever info I give it, but it's handing all that info over to people I don't effing trust.

To be "fair" I doubt the writers use anything but iOS which doesn't tell you anything about an apps permissions before download.

Its funny. Android puts it out there and "OMG THE WORLD IS FALLING", Apple just does it and there is nothing sinister....

It doesn't have to. Take a look at the approach sometime. Apple has the app ask permissions AFTER download (in fact, right before you use each feature... Taking a photo in Facebook? Asks permission to access your photos, tracking your location... Ask right before it does it). You get to YES/NO to each permission and then revoke those permissions individually at any time from the Privacy control panel.

Saying it doesn't tell you ANYTHING is more than a bit inaccurate. On the flipside, Google Play puts so much extraneous info in there, normal people have to listen to self-serving pundits to tell them that permissions they gave away before downloading. By giving away all of these permissions out of context and at the time of download, you get articles that make people hyperventilate. Which is terrible.

Yea this has been really annoying to keep seeing it pop up on big news sites and on my social media feeds. I just wanna grab these people and shake them and be like is this really the first time you've looked at permissions when installing an app? because this is pretty similar to ANY social media app. idiots.

Have sent the link to many people do far today... I'm bookmarking it so that I can send it in the future... Thanks for the great article Phil

Posted via Android Central App

That Verizon logo hurts my eyes. Please use screenshots from other carrier variants :)

Posted via the Android Central App

The main annoyance for me is Facebook trying to FORCE me to download this app when I'd prefer just keeping the messaging functionality in the main app. I use Facebook messaging very infrequently, and I don't want to have to install another app that's going to eat into my battery and use my resources for the occasional message I want to read/send.

That's Facebook for you... But it also is not very different from alot of things

Posted via Android Central App

I felt the same way, but then I actually tried the app and it is quite good.  So I don't loved being forced into it, at least they took the time to make the app great.

It was quite bad for a long time, but the most recent builds are good and it deserves the recognition that the other top messaging apps get.

Yeah I know it is pretty good now. I blame that a little on the whatsapp takeover or luck.. But I am cynical like that..

Posted via Android Central App

Eh, Messenger's been pretty solid for probably over a year now, well before the Whatsapp acquisition was much of a factor. Whatsapp is kind of a disaster of an IM app anyway, IMO.

Actually, I liked it better a few versions ago.. Before they went with the pastel blue color scheme..

Posted via Android Central App on The Nexus 5

It's really a very lightweight app and doesn't impact battery life much at all. (This coming from someone who's used it *heavily* for the past couple of years.) If you're still concerned and use FB messages that infrequently, you can always just use the mobile site for that once-in-a-blue-moon occasion.

+1 I feel the same. I use it veryyyyyy rarely. Not enough to warrant an additional app. Stupid.

Posted via Android Central App

I'm exactly the same, what was wrong with the old way, they should at least kept this open and given the choice. If I get a message I'll pick it up on the laptop later. Nothing is that urgent on fb!

Now, how about an article on what Facebook could do with the permissions we give them if they wanted without our knowledge. Not that they do, of course, just hypothetically speaking...

Fans of the app hate letting people know the whole truth about it.

Far be it from them to ever do anything wrong.....Funny thing though,wasn't they just recently in the news about some little experiment they were doing without permission from the users,then theses fans saying...Well didn't you agree to it when you signed up?

So,instead of informing of potential threats people here would rather blow that off and what any application"can" do because some here would rather not scare people out of their safe little world...

While explaining why a application may need permissions is a good thing,don't ever sugar coat the realities of what you are giving them permission to do if they desire to. That's just burying your head in the sand for any application that is downloaded.

Posted via Android Central App on my HTC M8

It is reporting info. The same info that's been on tech sites the last few days as Facebook just required users to use messenger recently. Today they decide this piece (probably because every other site has already) it's not really a bad thing if you only get your info from one source. But I check multiple sources. Just an observation. Nothing to get your panties in a bunch over

Posted via my OnePlus One

That awkward moment when you don't read the article and post a comment that makes you look silly, then someone calls you out on it and you post another comment showing you really didn't understand what they were saying and you try and defend yourself and you look even sillier

Posted from the Avengers: Age of Droid Ultra

Not hardly. Couldn't care less what trolls say. Too many members spend too much energy trying to be the cool kids on the forum because they obviously don't have much going for them in life. I said my piece and will leave it at that.

I just get on here to pass time in between calls at at work. I'll be in the forums but as far as these news stories, just to pass time

Posted via my OnePlus One

Why Facebook messenger saying I can send messages to friends that don't have Facebook and yet a have have let my friends know that don't have Facebook account to download the Facebook messenger app to send messages maybe I should unstall my Facebook app and and use my Facebook messenger as a stand alone app but but will I be able to send messages to my Facebook friends.

Posted via Android Central App

I believe your answer is that FB Messenger lets you send SMS, so technically you can send a message to a phone number and that phone number doesn't necessarily have to have FB or FB Messenger. 

This list is the main reason why I don't install FB or Messenger unless I'm running a custom rom with permission capabilities built in. That way, I can turn most of those off. My problem with the FB app is that it requests more permissions than any other app on my phone.

Personally, I don't trust FB that much. But that's just me.

I get what you are saying but it, by its very reason for being around in the first place, should ask for more permissions than anything else.

Facebook wants to be ingrained completely in your life so you can share it with anyone, anyway you want. It needs the permissions to do it.

Like I said I get what your saying but the permissions follow the business model.

I do not know for sure but I am guessing that G+ is very similar

Posted via Android Central App

Right, and thats why I take issue. I (speaking only for myself) don't trust FB that much.
Oh, and I just counted permissions. This is from Privacy Guard in CM on a Nexus 5.

Permissions requested:
G+ = 11
FB = 20

I am gonna say half are duplicates of G+ so I come back to the conclusion that FB and G+ are the same permission-wise

Neither does a friend who is an Executive at Google. They aren't paranoid but they have their reason and all they said to me is that the FB messenger app is something I should skip and not load onto my phone.

I use a app short cut to the permissions settings in android on my GS4 and denied them access I don't need fb messenger for accessing the camera or anything else I just use it for the messenger function ...

Bravo, Phil. My local news recently did a story about how Facebook in particular is scary but didn't bother to try to explain that perhaps a messaging app needs to use your data connection so it can actually do things. I'm just going to point the people who came to me freaking out over it at this article.

And then curse my local news team for their as always poor technology reporting.

Posted via Android Central App

I have never seen a local news station get a tech story right. I don't think I ever saw one I didn't laugh at

Posted via Android Central App

Reading some of the comments to in the app section made my head hurt.... Some really paranoid people out there

Posted via the Android Central App

Take a aspirin for your headache...

Reality checks generally are enough to scare people. Advising people of the inherent dangers make them less likely to download apps from untrusted places and blindly give it permission.

It's always a two edge sword,but when a trusted application does unethical or questionable things then it's a good thing for the consumers to question why apps need these permissions and be wary of this.

Posted via Android Central App on my HTC M8

Thank you! People act like that just because you can explain the single use for a permission that can do way more than that single use requires that it is all okay. I'm sure Facebook isn't using these maliciously, but at one time many people didn't think that our government would be spying on us as badly as they are; keeping records of texts, phone calls, and emails and passing the “good” private photos around the office. No way Facebook would ever do anything like that though. /s

Thank you!! Shared so the nervous nancies on Facebook can chill out and stop sharing that "scary" story.

Posted via Android Central App

Would be good to have a mirror article that goes through the permissions of an app that *is* suspicious, and explain why, in that case, the permissions requested don't make any sense in the context of the app's ostensible purpose.

I've seen a lot of people posting a story written by some idiot on the Huffington Post. The guy is frankly clueless.

Posted via Android Central App

Just show me how to keep viewing facebook messages in the app without the use of another messenger app and I'll be a happy camper.

I'm not glued to facebook and only want it running when I open it, not constantly.

I'm just annoyed that they're removing messaging from the main app and forcing people into messenger.

I don't want messenger. I don't want a standalone app to do just ONE thing I WAS doing in another app.

It's bullshit. I uninstalled the main app because of it. Give me one or I'll have none.

You got it all wrong.

So the Facebook app pushes you in to getting into Messenger by constantly nagging you to download it, when all you really want to do is to message someone through the Facebook messages.

I didn't want it to replace my SMS app, I didn't want it to make phone calls for me. I didn't need it to read my contact book and decide to send SMS if they're not on facebook. I didn't want the app to do any of that.

Sure, you could say that's what they need to achieve the functionality they want for Messenger, but then by constantly nagging and being problematic about pushing you in that direction, what's to say they won't shut off the message function in the default Facebook app? How do you tell that they don't do anything with the permissions to read your contacts, sort of packet sniffing on your router while it sends a message via wifi?

All of that functionality is largely *unnecessary* - I know how to send a SMS. I know how to make a phone call. And on cyanogenmod, I'd definitely use the privacy guard to attempt and block it.

"what's to say they won't shut off the message function in the default Facebook app?"

Um they did...and that's why this has all resurfaced the last few days

Yep, and I just got off the phone with my sister, calming her down because one of her friends at work passed this story on to her and she was freaking out about it. Gotta love the fearmongering.

Posted from the Avengers: Age of Droid Ultra

I made this particular point on Facebook:

Google "Facebook Messenger permissions", you'll get dozens of the negative news stories out there right now. Google "Google Hangouts permissions" (which pretty much has the same permissions/features), zero news stories painting it in a bad light.

Understanding the permissions doesn't actually make them less scary......but if you want Facebook Messenger then that is the price you pay.....not to mention that the permissions are not any MORE scary than the permissions you give, explicitly or not, to your phone or tablet's pre-installed messeging app. I think the push-back against FB Messenger is that it is uynnecessary to a lot of people. Folks already are invested in their messaging app of preference and being forced to download another one (and FBM is probably no more "scary" than any other messaging app) is the pain point.

Personally there ain't no way I am downloading FBM....not just because the permissions are so far reaching, but mostly because I do not want to manage yet another messaging app. I will stick with Hangouts.

And, of course, people will complain that the FBMpermissions go too far on one hand, then if the permissions were taken away would complain that the neutered FBM app isn't a good user experience.....

There is no happy middle ground here if Facebook wants their app to be all things to one person (i.e. SMS, MMS, Vid Chat, Voice Chat, Messaging, Phone calling, etc etc)

I think I share a lot of the same sentiment on this. It is all about finding the middle ground, which those fear-mongering articles failed to do, but no more or less than this AC article does. You can tell me till you are blue in the face what an app MIGHT need those permissions for, and I may completely understand that. That doesn't mean that I shouldn't then raise the question as to why the app needs those permissions and it certainly doesn't mean I shouldn't question that that is all that FB is doing with said permissions.

You can bet your bottom line they are working on ways to use your surrounding background noise to deal you more ads. We already knew that was coming. So sure there might have been a ton of fear-mongering going on here, but that doesn't mean it wasn't entirely off base.

Precisely. I don't need FB Messenger to send SMS for me, make phone calls for me, etc etc... The only thing that I may want is sending a voice note. Yet FB Messenger was crammed down our throats because the normal app keeps pushing it.

I wonder will FB take any permission requests OUT of their main app once they pare FBM out of it. My guess is "nope"'

I literally had to explain this to 5 people today... "Why does Facebook messenger need access to my camera... What kind of big brother shit is this"...
Well... You can click the camera button and take a giving picture and send it instantly... That's why... Man people are dense sometimes...

Posted via Android Central App

It all comes down to understanding what you are giving a app permission for, and then you trusting them not to do anything with those permissions outside of what the application is supposed to do.
Either you trust them or you don't.

Big government Big corporations Big companies aren't truly trustworthy. They never have been nor will ever be. It is up to the individual to decide for themselves

It is also up to Google to explain what these permissions do in plain English or any other language so those folks can understand what they are and why and to verify any application before putting on the play store if they need them. The developer should be able to provide their reasons for asking for them and if they can't, they don't get their apps and updates pushed.

Posted via Android Central App from my HTC M8

I would take this one step further, give me opt out options as well. It's the Achilles heel of the ecosystem, imo.

And in anticipation of comments crying foul on such a simple solution to permissions complaints, developers can always go back to charging for apps for revenue rather than making money on the back of my data.

Posted via the Android Central App

Give them the ability to opt out and the same users will whine and complain when something they try to do doesn't work because they denied the permission

Ironically I shared this on Facebook so that people would stop rioting all over about it.

Boom! From My S5

Like others here, my issue is with needing two apps for one thing. I never had a problem with messenger from within the main Facebook app, so why force the change? It worked, maybe not as feature rich as the messenger app is, but it wasn't broken by any means. That's what I don't get. But.... I also understand that it's a free service and a free app, so I can't get too mad.

Posted via Android Central App

Great article! I went ahead and shared this on Facebook for some of my friends that are freaking out over the FUD articles going around on my timeline.

Posted via the Android Central App

I still don't trust Facebook with my data which is why I deleted all their app not too long ago.

Posted via the Android Central App

I'm pretty sure all the mistrust boils down to them doing crazy shit. And once caught add the updated user permissions.

Posted via Android Central App

Doing unethical things doesn't quite display confidence and trust. Who is to say they won't do other unethical activities

They should just call them drivers instead of permissions. The terminology is the only thing scaring people.

Posted via Android Central App

Very helpful. I also got a bit scared when I looked at the permissions but it all makes sense now. Thanks!

Posted via Android Central App

The real problem is Android doesn't allow the users to choose which of those permissions you'll allow the app to use. They are also not fine grained enough.

If I don't want an app to be able to read my contacts and I'm willing to lose that functionality in the app then the app should continue to work once I've disabled it.

I'd like to see permissions handled much like "SU' where you can grant permissions once, for a period of time or permanently and with the option of resetting the choices after upgrades etc.

Exactly... there is no reason why Android can't allow the user to limit the permission to an app. For example, on my Z10 I wasn't able to send a photo via WhatsApp until I allowed it access to share files. Before I did that I could do everything but share a picture. Again I just turned that feature on and then off when I was done.

In before "you're a shill working for BIG Social Media"

(Also, I logged in with Facebook to post this, so I'm probably a shill to...)

Every time facebook pushes a big new update there are hundreds of articles going around trying to scare everyone.
The way I look at it is Facebook already has all of your info so they're not getting much more than their users already freely give them. What's more annoying is that the users who complain about it most seem to be the same users post their whole lives on facebook

Posted via Android Central App

What really made me shake my head at this whole thing was that one site my cousin posted one of these permissions articles from, asked for me to share my location.

Usually I could care less if the site knows I'm accessing it via mobile from St Louis, or wherever I happen to be, but I found that quite ironic.

Posted via Android Central App

It still uses way more system resources than I want it too for an app I barely used so I still think its stupid for them the force people into using it. I was considering deleting it because of that and this all started up.

I'd be more worried about that Verizon logo festering next to the speaker, you should get that checked.

I just keep freaking out over apps wanting access to my Location... Totally unnecessary most of the time.

Posted via Android Central App

This article is just as bad as those scaremongering articles. Downplaying risks is equally bad as exaggerating them. Yes, there are logical reasons for those permissions, that doesn't mean that FB won't abuse those permissions when they have them. As another commenter said, you have to trust FB not to abuse the permissions they have been granted. Personally, I don't trust FB. I use it but some of these permissions go too far, some of the normal FB app go too far as well.

This needs spreading the world over to stop the ridiculous scaremongering going on. Almost every app has these permissions if it offers the same functionality. People download torch apps with more worrying permissions than this and don't think twice about it. It's almost like cosmo and other articles forget about the words 'can' or 'may' before these permissions.

I'm in no way defending facebook for anything, I use Fast for Facebook to limit permissions. But the messenger app is pretty damn nice frankly.

Definitely sharing this article with my friends who are in full meltdown mode over these permissions. People latch on to a sensationalist story and run with it.

I feel like this article doesn't acknowledge the actual consequences of these permissions. Sure, it's clear why the app needs them but NOT clear what they're actually used for. That's what actually worries me.

For instance, the features for calling and texting. They're there for legitimate app functionality, yes, but what's stopping Facebook from collecting personal data by scanning your text messages as well? This requires no additional permissions as far as I know.
I actually suspect some of the features the app has are purely to serve as an excuse to request the more extensive permissions for a more sinister cause.
You might say other apps like hangouts have similar permissions. It might be the case that both Google and Facebook use them to collect personal data...
For me personally, I'm a lot more worried about what Facebook will do with that data compared to Google, given their shady history.

Just my slightly paranoid (but with good reason) view.

The Messenger app recorded a conversation I had with a coworker regarding the Chinese food we were having for lunch. It then called China's Ministry of State Security and played the conversation as if I "butt dialed" them. It then forwarded a text message I sent to the same coworker about lunch that said "Chinese? Hell yeah!!" to the NSA.

I woke up this morning to the FBI knocking on my door. They took me in for questioning about treasonous activities. They asked me all sorts of questions about Chinese state secrets. They then placed me in a tiny windowless room with just a hard wooden chair in it and said they would be back soon.

I've been waiting here for 16 hours and nobody has come back yet. I finally was able to pick up a very weak open wifi signal with an SSID of "FBI-guest" and am sending this message as a last ditch effort. If this makes it through to the Internet - - HELP!!

Posted via Android Central App

that sounds OK, but one weird thing occurred upon my messenger installation
I had two applications I never had update, I mean for ages! Those were HP Print Service and Google Play Music, the updates needed some extra permission which I had to accept, but I felt like going kind of lazy/"safe" and staying with the auto-updates. But when I installed Messenger those two apps auto-updated themselves. I know should do some study and see if there was a newer update, for both, with the same old permissions, same time with messenger installation, but it already seems quit a coincidence to be true, I guess you know what I mean

This article does a good job at explaining what harmless things the app is capable of doing with said permissions. However those permissions still give it the authority to do much more harmful things and there's no way of telling if they will or won't use those things. Messenger has literally the biggest set of permissions from all my apps that's all i know.

Thanks for this. The bigger issue is that a public company and a *very* widely used app, Facebook gets a lot of scrutiny. However, smaller apps often need really weird permissions, and the lack of a fine-grained permission model on Android is really frustrating. For example, here's a screenshot I took the other day while looking for a decent scientific calculator for a friend: https://twitter.com/prasenjeetd/status/497143736741404672 ... This was on the main Play Store app page and I still don't understand why it needs access to the numbers the phone's dialing.

Oh, I just registered to say one thing we'll really two, this message >.< AND......

Facebook's name will change in to SkyNet in a few years and then everything will be clear, it'll be a few years late, but it'll be clear.

And don't be crying about Facebook stealing your information. Facebook hasn't stolen anything. People have given Facebook all their info.

Posted via Android Central App

For the most part you are correct, but when a user allows the app to access their contacts information, those people in that person's contact list did not provide Facebook that information directly, and therefore no permission.

Not saying Facebook does anything with that information, but it definitely has access to it and it is floating around on Facebook servers.

ok so they say the camera and mic permissions are for a specific use....but that does not answer my question...can they turn on my camera and/or mic whenever they want??????????????????????????

Yep it sure could! Honestly I pray to God they do that on my phone - I would love to own Facebook!!

Seriously, yes it could surreptitiously take pics and record conversations, but there is no way they would do that because of the legal implications. So while I have no problem with this permission for an app like Messenger, if I were installing "Flapping Lumberjack" and I saw this permission I would definitely not install it.

If you have a problem with the permissions, just use Facebook on your mobile Web browser.

Posted via Android Central App

I agree that most of the permission fearmongering is silly, but that doesn't mean that some apps, notably the Facebook apps, go overboard in what they're requiring.

Your explanation of the Network permissions doesn't cover everything. In fact, you only really explained 2 of the 6. You say that it needs a data connection to work, which is obviously true, but that doesn't explain all of those permissions they claim. All they need for that is "Full network access." That doesn't explain why they need to change the network connectivity or view wifi connections.

The Facebook app itself is far worse in claiming permissions that it shouldn't need.

While it addresses the reason for the permissions it only off handily mentions the part of "at any time" which is what alarmists are so...alarmed about. All these comments basically just calling people morons for not understanding that "at any time" doesn't really mean at any time but rather it's so the app doesn't need to repeatedly ask for permission to ask to use those functions when the user prompts it to send pics or make a call through the app (which I'd wonder why they'd use that function anyways...), that's being an elitest prick. It's rather that those people and perhaps the author here don't understand the source of the outrage from alarmists as much as alarmists don't understand how app permissions work, the Huffpost author included.

When people get a story from what they perceive to be a fairly trusted news source and actually do read the article and not just repost from a knee-jerk reaction to the headline, you're giving a you're own knee-jerk response to their reaction with just as much a misinformed opinion as they are.

That's like throwing any average joe under the bus for trying to understand half a story and being expected to know the rest. Yes, people shouldn't always believe what they read but then if the author is also not being honest with explaining something, they are just as guilty. By this I mean that Google/android needs to scrub up their language if they expect people without seemingly insider knowledge to not have the knee-jerk reactions. Something such as "at any time" not meaning literally just that wouldn't fly in classes where I taught English.

Would you tell someone they can come by your house at any time but then be perfectly fine with them entering your house even when you're not home without you explicitly saying so or them getting permission first? I'd doubt it. That's essentially the bigger part of the problem with this issue and the author here has skirted it.

Bingo.

Lovers of the app always blow off anyone who brings to light what can be done with these permissions and call everyone alarmist or conspiracy nuts.

Enlight of the recent disclosure of their so-called experiment is it any wonder why people are worried. Just sugar coating the realities of these things,is just as bad as actual falsehoods about it.

Educating the public about this is good,but to blow off legit concerns because you're not in agreement with a story,or are biased towards the author is lame. You may not agree with his style but the outcome of his story has prompted a worthwhile dialogue about it.

Posted via Android Central App on my HTC M8

"at any time" means exactly what it says. Sure it's there to support taking pics based on a user clicking to take a pic, but that doesn't mean it couldn't take a pic "at any time". You have to trust app developers to some degree, the question becomes do you trust the app not to do it "at any time", if you do install it, if you don't, don't install it.

Frankly Facebook would not be stupid enough to write their apps in such a manner as to do this, they would be sued and fined out of existence if they did.

Posted via Android Central App

I remember that many apps would allow for such things as a matter of user option, but this takes that completely out of the equation. What this has done is set a precedent for taking this permission out of the users hands in-perpetuity for said application. Because it takes the responsibility out of the hands of the user, are the developers taking 100% responsibility for security? Again, if the user still had options within the app to turn off those features, it could be a shared responsibility, but now Facebook much assume (although I doubt it really has) full responsibility for the security of not only the app, but also the device.

I actually used permissions pro to disable SOME permissions on it, and mostly the ones that said "without your consent". I blocked the camera, calling, and sms as well, though in the app i can still use the camera, even though I blocked the app from using the camera without my consent, but hey, maybe it has separate permissions for with your consent, because i can still take pictures with the app just fine.

This is still another completely different access point for a security exposure. Each application provides another access area and one that needs to be protected, regardless if you are an Android or Apple (And you can still use the old messenger on Blackberry).Regardless, I'll pass. To be honest many people already have a love/hate relationship with Facebook anyhow and at this point, pretty well done with that back and forth. As soon as they get something fixed they have to change the experience. It is already quirky digging up old posts, etc. Russian hackers already have enough targets.

So if I want to use the app I'am required to accept all that stuff. I wouldn't call this a choice. I don't want to call or SMS my friends from the stupid FB app. I have a phone in my hands after all!! I would call this ransomware. May be these articles exaggerated the audio recording, but they have a point.

My issue is not with how permissions work, it's the wording of them that makes me uneasy. Just because they are for the more efficient running of the app, the wording of them implies and in fact does mean, that by downloading the app you are giving fb permission to do more intrusive snooping. (If they wanted to)

Call me paranoid but appops (root required) and revoking permissions like ability to make phone calls strikes me fancy. And besides i can sleep better knowing that.

Revoking access is not without it's own problems though. Sometimes apps dont work properly so it's a bit of trial and error.

Sure, I believe this about as much as when the government says "It's not as scary as it seems." when they enact something.

The simple fact that Facebook was conducting scientific experiments without the users knowledge OR permission should be enough for EVERYONE to drop Facebook, Facebook Messengers, and everything Facebook related.

It is obvious at this point that Facebook and the Government are one and the same and are milling every ounce of data imaginable.

Remember, they need to keep us safe from the terrorists that they are also giving weapons, funding, training, and help too.

Right...Makes a lot of sense, don't it.

It's called Problem, Reaction, Solution...

Hi Phil,
Can you explain to me this is not the case? The distinction of desktop apps and hand-hold devices apps.
 
Since the computer so far, the apps available in the computer and the store-bought computer software. If I'm not mistaken, they never require details of my phone contacts, read my message, read my files ... etc. Its mission is the act as the dummy, I'm execute apps.

But these apps for tablets, smartphones, most of them require your privacy. So that the flashlight app is also requiring your privacy? Do you feel ridiculous ?

For me, privacy issues are not important because we live in a modern innovative technology. Your profile can leak everywhere in the doctor's office, hospital, job placement agencies, banks, IRS ... etc and your profile in the e-mail account, G +, Facebook, Twister. ..etc. So, you have definitely thought: give it up or be enslaved by modern toys.

We have too many apps for communication: Hangout, Yahoo Messenger, Tango, Viber, Facebook Messenger, Skype ... etc. These are the problems in the future, and it also thwarted develpers issues preventing battery saving. Leakage problem is very difficult to prevent.

So I recommend that you do not have a 100% assured. "LIVE WITH IT or LEAVE IT".

I'm sorry, this sounds like a PR piece. "Facebook needs access to your camera to - DUH - take pictures."

So what if Facebook Messenger wants to take a picture or record me speaking without me expressly asking it to?This is not FUD. There maybe fear and doubt but there's no uncertainty here. Facebook Messenger can do what it wants with my camera and microphone. Given all the issues surrounding Facebook's use of our personal data, not to mention the NSA snooping on our internet communications, this is a REAL concern.

I have had this app for around 3 years now, it really hasn't changed much and have had absolutely no issues concerning my privacy being invaded. If you actually read the tos of apps you are installing they almost all ask for the same permissions whether it's a game, social media, or other app.

Ok for all that, I have a question . where and when ,me as a user of my phone know if any of these permitions will not be used for other purposes ,e.g when facebook access my location to not send the location to the company ,or my contacts are not shared to the company who made the application .fair enough when said ok I need access to your messages ,whats next? Will these information shared back to the owner of the app?

Sad to see an article which claims to 'put it straight' can't tell the difference between FUD and fact.

It is a fact that many apps ask for stupid permissions - it really wouldn't surprise me if they asked for the right to consult restaurants on my tipping trail.

Just maybe Facebook isn't quite as bad as it's been painted . Maybe.

So why choose them as an example? There's plenty that are way over the top, and you know it.

And yes, idiots do sign up for this cr*p.

Pretending there isn't a problem is something I spend my life accusing Microsoft of doing - and now Android are doing it too. Fanboi stuff. Fix it, don't deny it. Pathetic.

My issue really isn't about permissions. I always turned chatty off. I detest messenger apps period, don't want chat heads popping up over everything. The inability to disable permanently within the app is offensive. Facebook's phone / Launcher was soundly rejected this is their way of eventually taking control of the dialer and all messaging.

I will not be installing messenger and have already deleted the Facebook app from my Tablet and Phone, I'll be using the web browser interface.

Thanks for the voice of reason. The biggest drawback to people who run around like Chicken Little declaring that the sky is falling....is that genuinely critical issues (and there are a significant number of them) get lost in the crowd.

Personally, I look at it this way: if absolute privacy and confidentiality is imperative, don't use Facebook, or Gmail, or Google. Keep your phone numbers in a pocket diary (we used to do that back in the "old" days), and don't let your cellular provider keep them backed up for you. Don't text, don't post, don't tweet (especially if it's a picture of you taking in the sun at the beach while telling your boss you're sick). There's a reason all these cool apps are free. They want to sell us stuff.

Sure, it's a little spooky sometimes...when I look something up on my laptop, get in the car, and my phone shows directions to the object my search, or asks if places I've been that appear in my contacts, should pop up on my Google cards. But I've made the choice to be integrated into Facebook and Google, and that's the way they play.

Personally I think FB is trying to gather as much info on how we live and integrate our social and personal lives through communication so that they can stay ahead of Google and other companies (that are developing any type of social media), corner the market per say, by one day providing us with "the prefect phone with the one perfect app" that will do all know all predict all remember all, well you get the point.

That to me is the bigger picture of why the need to allow access to everything and collect all the data. I'm not saying harmful intent from anyone from any company isn't possible, but I don't think the goal is to know who is on their rags and who just ate pizza, but then again maybe trump made deals with cell phone carriers and social media apps and buys conversations with keywords to lucrative ideas.

Lol

We really appreciate this but you got this wrong for the most part. some permissions are reasonable but others are just plain stupid and not required at all for the app to work. Not mentioning some of the are abusive to say he least...

Shall we:

1. Location: seriously? This is needed for gathering data for advertising purposes. If you really want to send/share your location to other users there are other ways as you mentioned.

2. Contacts and Accounts: this is a serious abuse from Facebook. It does not need to know and it should not have access to neither your account (google, Samsung, cloud accounts and whatever you may have on your device). what is the real purpose if this? If it needs the FaceBook account (LOL) this is the one you're login in the app in the first place. Should be enough.

3. Run at startup: thank you but no
4. Draw over other apps: again abusive - no apps should take control over the interface, Android already has a nice notification area for it.
5. Control vibration/prevent phone from sleeping: there should only one central location for controlling these thing, the Androif setting. Thank you! We do not apps overriding these.

And also, do not try to compare it with the Google Hangouts: your whole device is shared with google one way or another. We do not need another player in the game.

Facebook keeps all your messages Forever !! mysql is just like $$ It's why Ppl / Firm ect need to begin use Host site and do your own site then you wil be more safe ... Pm me for Top host master what have keep my ass save for 12 years
i had Porn / Torrent / Fileupload / ddl / efly Law from all world was after me try turn me down but my Host master keep me safe So 100 % Pro Host i can give you never get 1 better PM ME TO GET YOUR OWN BANKBOX FOR YOUR BIZNESS OR PRIVAT
P.s today im a good follow the Law ! lol
Conceptitkidz@gmail.com
or
androidcentral.com

Conclusions :
1 - Batman had to tap every phone in the city to find the bad guys.
2 - The facebook messenger app can update it's program to hear or see from every phone that has it running.
3 - Batman owns facebook!

So why are you calling the original article FUD? If you give the permissions to the app then it can do everything that the article said. Just because Facebook says they aren't going to do it doesn't mean they aren't. They are a very shady company.

Thanks for setting the record straight. After reading I've looked at the permissions myself and I have a question about the last two which were not addressed in this article. It might be a wording issue, but these do sound rather spy like.

- Wi-Fi connection information says that the app will know not only which Wi-Fi network you're connected too, but also see the names of other devices connected to it. I understand that the app needs to know which Wi-Fi network it's connected to, but fail to see the reasons behind it knowing which other devices are connected.

- Device ID & call information suggests that the app will track all your calls including the numbers you call. I'd like a clarification here. Does this only happen when you use the app to call someone?

I'm sure this must have been covered by someone in the comments but, rather than read through them all, I'll voice my opinion. I have had Messenger on my phone and, during all that time I've never felt comfortable considering all the permissions. I'm sorry but I have far too many programs on my Note 2 that have information about accounts and such to feel good about giving unbridled access to my phone like that.

The permissions can be explained away - very condescendingly btw with the use of " ... wait for it ..." which sounds very childish - but, in agreeing to all those permissions we all know that what access is explained in this article can change tomorrow. Yes, it might only request access to my sd card for one innocent reason today but tomorrow it could be for something more invasive that I don't have to be notified about because I was already informed about, and agreed to, access. My files on my phone are for my eyes only, unless I decide to send them to someone individually.

Unfortunately, messaging through the Facebook app worked fine and now I won't be able to message anymore. As time goes on Facebook is getting to be less fun and useful as a way of keeping in contact with friends and family and more like an invasion of privacy. That's unfortunate.

It isn't about whether or not the permissions the app requests are reasonable for their functionality, it is the fact you give a blanket permission to them to do as they will with that permission. If you give a stranger your phone so they can make a phone call and they then rummage through your contacts, you'd have reason to be upset. This is essentially the same thing except the stranger is more trustworthy than Facebook and you also have physical evidence to the privacy invasion, as opposed to an app running in the background.

OK, so I listened to this and decided to go ahead and install Messenger. Can anyone now tell me how I STOP it appearing ALL OVER all my other pages on my Samsung Galaxy 5?!!? Nobody mentioned this INCREDIBLY IRRITATING behaviour. Pardon all the CAPS, but I am seriously P'd off. There is nowhere where I can find any settings that might stop this INVASION. Help?

I HAVE PROOF THAT FACEBOOK USES YOUR CAMERA TO SPY ON YOU. I found this out only by chance But its undeniable. So I have a androud with water damage. It still works but the camera function is broken. So every time you try to use the camera or the flashlight or any function that needs the camera a message will pop up and say failed to initialize camera because the camera function is broken. And here us the proof no other app does this except facebook. Everytime I go on Facebook the msg pops up all the time and says failed to initialize camera. Do there you go facebook is always trying to turn on my camera all the time without asking and for no reason expect to spy on you