Facebook update

Facebook this week finally did what it should have done some time ago — it explained the scary-looking new permissions required if you're going to use its Android app.

To be fair, Google still does a poor job of explaining the permissions apps declare in plain English. Thus, "Downloads files without notification" can make it seem like you have no control over what an app is doing, when all that's really happening is it's downloading information in the background. In Facebook's case, that's things like video previews (and now ads) in your timeline.

Not so scary after all, eh?

Other permissions Facebook took the time to explain are:

  • Read your text messages: So Facebook can confirm your phone number via text message, if you've added it to your account.
  • Read/write contacts: Lets you import and sync your phone's contacts, or sync your Facebook contacts back to your phone.
  • Add/modify calendar events and send emails to guests without your knowledge: Facebook says it's just so that you can see your Facebook events in your phone's calendar.
  • Rear calendar events plus confidential information: This lets the Facebook app check your calendar to see if you're already busy at that time when you're viewing a Facebook event.

All in all, nothing really scary there after all. Good on Facebook for finally taking the time to explain things.


Reader comments

Facebook's new permissions aren't any scarier than using Facebook in the first place


Although they are stating what these permissions are doing who is to say they are not doing more and not saying it? If they wanted to actually read your texts they probably could. I guess it's on their honor though, right?

Or the NSA could through a backdoor. But that's already possible on almost every OS for them anyway (Blackberry being the only exception but it isn't really worth leaving android for a bit more security)


Sorry, but BlackBerry isn't an exception. In fact, BB has a great big glaring front door they left wide open. They have an agreement with the Indian government to give them unrestricted access to user data. You'd have to be a fool to think the NSA and other agencies haven't made data sharing agreements with the Indian government to get that info.

Yup. Really iMessasge was the only one found to have been truly encrypted.

Posted via my defective Nexus 7(2013)

Although true I believe the "great big glaring front door" you refer to is only subject for the residents within India and all other BB servers remained locked and protected from government/private agencies elsewhere. Which means the NSA can't show up in India and collect information on Bob Boberson in Texas.

Agreed. It's important to distinguish that Facebook states the SMS permissions are to allow them to do things "such as" automatically confirm your phone number via text message. It says nothing about what ELSE they use the permission for. It does not explicitly state they do not use the permission for any other purposes. Hardly transparent.

And don't forget, FB copies everything you post to it and claims intellectual ownership to all your pictures, videos and every word or idea, whether you delete it or not they keep a copy. FB also puts hidden cookies on your device that tracks every website you go to unless you clean and clear all cookies after using it.

Article two years ago about a women who went shopping and found picture frames for sale and the display picture inside was her and her family. Found that FB sold her picture to some site as a stock photo and she couldn't do anything about because of the TOS she agreed to to join like everyone else.

At least as far as we know the NSA isn't selling all the data they have collected to every company out there and itemizing our interests to sell to companies. Maybe I should delete that not to give them ideas. Then again if they sold all the info on everyone they could probably pay off half the debt.

Giving plausible reasons for permissions does not answer the real question.
The question is do you trust Facebook or not.
If you trust them then fine. if you don't then you might believe they would use those permissions for collecting your contacts and read and analyze your SMS data. I for one do not trust them one bit.
Same exact case with Google and Android and hangouts, the only difference is that I trust Google...

So in this case, what do you think Facebook is going to do with data that Google wouldn't?


When dealing with Internet stuff, a lot of it is based on honor and faith, that our information won't be sold, that malware won't be installed on our machines when we install a program, that the site/service will still be around tomorrow.

I sent a text message about Klondike Bars. Nothing even vaguely related on my Facebook. All the sudden....BOOM advertisements for Klondike Bars start appearing in my newsfeed. Somehow I highly doubt they're just using the "read your text messages" for identity verification.

Of course there is a difference.
Facebook on the web can't read my contacts or my text messages that are private.
On the web the only data they see is what I chose to tell them and certain web surfing habits.

I don't understand why people think like this. Point blank the only information that is 100% safe is what you write on paper and lock up somewhere. If your so concerned with security then drop Facebook, instigram, Twitter, tumblr, linked in, MySpace, plenty of fish, eBay, Amazon, and switch to a blackberry (yes I used to be with them.)

My point is if there's information you don't want public then you shouldn't put it on the Internet period. Heck, I've found stuff about me that I've never made public so there is no "true" security on the Web because if someone isn't already trying to sell your stuff someone else is trying to steal it.

Posted via Android Central App

1. I didn't put my text messages on the web so your point does not apply.
2. I did not put my contacts on the web same as before.

Facebook just insists on getting access to data I did not chose to put on the web or Facebook.

as for why use it at all? cause all the Muggles are using it.
If there was a way to get my non tech friends and family to use G+ I would deactivate my account tomorrow.

You've completely missed the point, imo. You think because your text messages weren't made public by you, this means it's impossible for someone to monitor your texting if they wanted to? Same with contacts and everything else you do on your phone and the internet? How naive.

The only secure lifestyle for any of us, like was just said, is pen to paper into lockbox or safe... or shredder... or, better yet, burn the evidence lol. But that's obviously not the way of the world these days, so we must deal with it by learning the ins and outs of the law, according to where we are located, and know our rights and the limitations of the government according to those legalities, and cover our asses that way. Only way to secure your ass these days is to know the law completely. Who gives a shit what Facebook sees... they just better be careful with how they use it.

Posted via Android Central App

Of course it's possible for someone to monitor your text messages. The point is making it less accessible. The same reason you would use better locks on your home. It makes it more difficult for someone to break in. You should treat your personal information the same way and at least do your best to keep it private.

I use an iPhone. Thankfully my iOS can restrict certain permissions. It's my understanding Androids (without a separate permissions/task app) have to accept them all at once. The only permission I give Facebook is internet access and my photos. The other users don't care or don't think how there information could be violated. Facebook is pushing for more information intentionally and using these packaged permissions as a way to get it. It's a smart move on their part but for our privacy and control of information, not so much. I want them to change their terms.

G+, Google, are reading your contacts as well. I don't agree with the 'its cool, get over it' crowd but Google is no better.

Posted via Android Central App

And when I go online and research blinds on Firefox, the next time I pick up my phone it asks me if I want to continue my search. Ugh. I used the do not follow plug in but Google still follows the info. Very annoying.

Posted via Android Central App

I should have remembered the IMO.

Google plus has a better looking design and is connected (whether good or bad) To everything google.

Twitter is better because it has short bursts of information instead of having to read long boring posts. Also, twitter is different from Facebook In so many ways its not even funny.

I personally never liked Facebook, and this was part of the reason, bs like this. It's ridiculous and like an above post said Facebook makes the NSA look transparent

Posted via my defective Nexus 7(2013)

I wish there was a way I could like your comment. I actually don't think Facebook is all that bad at all.

Posted through my Nexus 7!

The "read SMS messages" is a total joke of an explanation. The Facebook employee that wrote that had to be cracking up while typing.

Will not update with these new permissions.

Posted via Android Central App

Agreed. The contacts and calendar syncing sounds great (if I'm reading it right) and brings back functionality that's been missing from Android since Gingerbread (or whenever it was Google yanked FB syncing) without a third party app. However, I honestly see no reason why FB needs access to my texts. That's tantamount to listening in on my phone calls as far as I'm concerned.

That sounds scary enough to me. Why would I want Facebook running in the background eating my data and battery? Why do I want Facebook looking at my contacts or adding my "friends" into my real contacts? Or why do I want Facebook spam (I mean events!) in my calendar that I use for business?

That all seems really scary to me. Definitely not upgrading.

Here's what needs to happen... When installing the app it should come up with a breakdown of "required permissions" for the app to function at all. Then they should have another section of "optional permissions" that will allow the program to more fully integrate into your device. Each permission should be explained in detail during the install process by the app developer and optional permissions could be disabled by the user during the install if (s)he doesn't want to use those features. Done and done.

The mechanism is already there, "App ops" can do most of it without giving the app a choice but it seems Google is in no hurry to protect us and implement it fully. they have been testing it for about a year with no step forward.

Nice, just downloaded it. Thanks for the info... now I can dl FB lol. Hrm, unable to find the read txt msgs permission in it, oh well FB wins again..

Just tried to download and it says not found. Hmmm....

Posted via Android Central App on my Moto X

The 'feature' was left in by mistake. It was supposed to be there during testing, not for the public release. Nothing effed up about that at all.

YOU think it's important, developers on the other hand may feel very differently. I suspect Google is probably on board with the Developers on this one as the average user wouldn't have the first clue what the real consequences of turning off and on various permissions would do. If the power user wants to do it, they can root. If you don't know how to root, then you probably shouldn't be messing with permissions in the first place.

I don't know how to root because I have no interest in rooting (at this time, anyway). I would however like to be able to set permissions for apps that I use, and I think I'm capable of doing that and living with the consequences.

Posted via Android Central App

Gaining root access is kind of a permission into itself, the ultimate permission actually, it's like having admin account access to your PC in Windows parlance...On a technical level it actually kinda makes sense that most people who aren't willing to research that wouldn't properly research permissions in order to manage them either...

The only other common approach to this kinda security issue is to prompt the user every time an app requires those permissions, rather than have it be an all or nothing thing... You might be jumping off your chair saying that sounds ideal too but how much did people complain about Vista's UAC prompts and how often do they just blindly click thru now even with reduced prompt frequency in Win 7/8?

The average user simply doesn't read security warnings, at all, they either accept them blindly or get scared and deny them... Unfortunately OS have to be written for the lowest common denominator.

The problem with your theory is the same one that Windows designers made. they assumed that computer knowledge is an all or nothing kind of thing. That you were either astute enough to be an Admin, or you were a monkey-stupid average user who shouldn't be allowed at the controls. This is a false dichotomy.

In reality, many users are more than capable and willing to manage app permissions on a granular basis, but not yet knowledgeable enough to go so far as to root their device. Rooting, while much easier now than it once was, is still a reasonably complex process. While toggling permissions on and off for apps is a fairly simple process, and learning what breaks an app and what doesn't is a simple matter of trial and error. (Toggle Camera permission off and suddenly you can't upload images? Yep, gotta leave that one on.)

If a user is so uninformed that having access to app permissions on a semi-low level like App Ops does would somehow be dangerous for them, then they will probably never go into the settings in the first place, so having access to the permissions doesn't matter for them anyway. For the rest of us "Power Users", who want access to the permissions without the relative complexity of rooting, having them available is a very good thing indeed.

So sick of all this privacy BS. Get over yourselves people. Its Facebook. You've already given them access and rights to everything by creating an account.

Posted via Android Central App

Maybe, but I still don't feel that having access text messages is a good thing. After all I seriously might creep some facebook employee out with my selfies... LOL :-) I kid I kid, maybe....

This I have to agree with. It is not very often Facebook would need to verify my phone number because it really doesn't change that often, so i don't see how the permission is justified for the sake of convenience of a feature that is not used very often. Do they really think we're so lazy that we can't even make the effort to remember a five digit code between the SMS app and the FB app? Or even copy / paste it if that's too much of a bother? Good grief!

That being said, I've been glad to be running CyanogenMod since that has privacy manager baked into it and that granular level of permissions control is very nice to have.

Or Not.
I don't think anybody should be able to read my texts for whatever fake reason. They don't need this feature, it adds nothing to the experience.

Posted via my defective Nexus 7(2013)

I don't use Facebook. Never have. I use twitter, and Google plus, but not Facebook.

Posted via my defective Nexus 7(2013)

Of course, all these app devs KNOW that permissions look scary AND are obscure in their terminology; it honestly cannot take that much time to explain why your app needs a given permission... in any planning document, those permissions would be laid out alongside their features (precisely because those features require those permissions).

tl;dr after a certain point, it stops being google's fault and starts being the app devs fault =p and we are past that point. It should be incumbent on any app dev, frankly, to Explain Yourself, What Are You Doing And Why without regard to "oh, google chose some weird language"... actually, google chose some pretty descriptive and accurate language. It chose the language that exactly describes what that permission allows.

As one commentor noted, plausible explanations are one thing... those permissions are another entirely. Even if those are the "true" explanation for requiring those permissions, that does not obviate the fact that you are granting some rather broad permissions... permissions which, having been granted, might be used later on.

Maybe it really is only for confirming your phone number by text message.... For Now. But having that permission, what is to stop them from using the full power of that permission?

You left out the most significant responsible party: Users
Users have a responsibility to educate themselves. Ultimately if they download an app that is asking for more permissions than it should or from a 3rd party source, the fault lies on them for not paying attention.
Personal responsibility folks.

Ermm. Facebook asks for 60 other permissions if I'm not mistaken. Other than some benign permissions, these stand out as well:

Find accounts on device
Reading call log
Stop the device from sleeping
Record audio, capture photos/videos
See running apps, reorder running apps
See wireless networks and connect/disconnect to/from them
Access accurate GPS location

A weight has been lifted from my Gnex after I uninstalled the facebook app. I recommend it to all of you. I haven't installed it on my Nexus 7 and 5 and I'm very happy with that decision.

If you're talking in terms of battery life, I'd have to agree. I have noticed slightly better battery life on my n5 without it installed.

Posted via Android Central App

If anyone uses app ops to change apps permissions, you will see how often it uses the SMS and calendar and all the permissions it requires. And on my phone, none of those really scary ones have ever been used.

Posted via Android Central App

So judging from the comments the permissions are scarier than just using Facebook in the first place? Does that mean it didn't work, or that Android Central users won't be told what to think? Or are we just extremely paranoid, in which case boy did we choose the wrong platform. Mwahahah

Posted via Android Central App

Agreed. I like to keep up with my kids on Facebook. They post quite a bit. But I keep all the privacy settings to max within Facebook itself. Until app opps is back I'll keep FB on my N7, which is consumption only, no SMS etc. and skip it on the phone.

Posted via Android Central App

They didn't even explain a quarter of the permissions they're asking for and they left out some of the worse ones. Retrieve running apps? Changing my connection? Reading my call log?

Sorry, but there's no way I'll install the Facebook app until App Ops is back in Android. Especially given Facebooks complete disregard for any semblance of privacy. They get what I give them and nothing more if I can help it.

I don't quite understand why the FB providing "an" example of how they use these permissions would make anyone comfortable. Especially in light of this other part of the explanation.

"Below, you'll find a list of some of the permissions we request for the Facebook app, as well as an example of how we use each one. Keep in mind that this list doesn’t include all of the Android permissions we request or all of our uses of those permissions."

This disclaimer essentially negates pretty much every assurance they gave. I mean an example of how they use their ability to read sms as an example of how they use it does not mean that another way they use it is to entertain themselves about people's text messages. As far as I'm concerned they might as well not have provided the explanation at all.

Facebook is no better than Google... Just another way for NSA and all the other secret agencies to monitor what we do online. We no longer have an privacy whatsoever on the world wide web a la internets. For all I know they're pawing all over this app and the comments being made.

One of my contacts received an email from FB stating that I invited them to join. I did no such thing. App deleted.

I only use the mobile fb page on my phone. I'm pretty sure I'm already on the FBI 's watch list anyway.

Those permissions are nothing. What about the other dozen that they dont even try. Access to batery stats? So they can remove thereself so it dos not show how awful the app is

Posted via Android Central App

Could it be "for now" that is all they are using the permissions for.

Next year, some clever marketeer pays Facebook the right amount of money, and they are emailing all you contacts about this great product that you have never seen our used.

Facebook doesn't care that they have destroyed the credibility of all email, they have they own communication mechanism.

Posted via Android Central App

I don't agree with the conclusion that these aren't a big deal. These permissions are an overreach and the explanations they provide don't explain anything. They only provide examples, but don't divulge full uses. That page is insulting. It comes off as a fake attempt at transparency.

Why does it need to "automatically" get an SMS code, for example? It's scary.

Not updating until they offer a way to opt out.

Posted via Android Central App

It's been a month, and I still haven't upgraded my Nexus 7 FB app because of "...and send email to guests without owner's knowledge." I'm pretty sure the iOS FB app doesn't allow that. I wrote FB about it, but they never answered.


Interesting...and how long have you worked for Facebook Mr. Nickinson? I can see how one could draw conclusions that wouldn't necessarily be the true motivation of Facebook from these permissions. I however do not feel comfortable with the following:

"Send Sticky Broadcast: Allows the app to send sticky broadcasts, which remain after the broadcast ends. Excessive use may make the phone slow or unstable by causing it to use too much memory."

-So this looks like it can basically slow down my phone and turn it into a piece of crap if it wants to and i have no control over it. Thanks

"Modify Battery Statistics: Allows the app to modify collected battery statistics. Not for use by normal apps."

-Gee isn't that comforting. Why in the world would you need to do that?

"Directly call phone numbers: Allows the app to call phone numbers without your intervention. This may result in unexpected charges or calls. Note that this doesn't allow the app to call emergency numbers. Malicious apps may cost you money by making calls without your confirmation."

-This one is the scariest of all. So the only reason that i would think you would need this permission for is plainly explained that it is not the reason. So why? Anyone else feel like Big Brother is watching?