Individuals need to take some responsibility for their data privacy violations

I'm talking about the aggregate of evils regarding our privacy that Facebook has been caught doing red-handed, which finally has reached peak evil when it was found to be abusing Android permissions to scrape your call logs because it has your attention right now and this is important. Except the company wasn't really abusing anything and is just really really good at grabbing all of your data and that's just as important. It went pretty much like so:

  • Old versions of the Android READ_CONTACTS API bundled your call logs with a contact into the data about the contact itself.
  • Facebook wants you up upload your contacts so you can see others who also have the Facebook app installed (and can spam the ones who don't) and someone noticed that they could scrape the call logs and get information about who you called, who called you, when, and how long you talked.
  • Facebook being Facebook didn't bother to tell you it was doing this, but did say in their privacy policy that you can see and remove any data they have about you if you like so technically they were above the board here.
  • Android was updated and access to call logs was split out of the READ_CONTACTS permission.
  • The old permission still applied if you had an old phone, didn't revoke it yourself by reinstalling the Facebook app, or had a version of Facebook that was baked in and you didn't have any control over any of this to start with.
  • When you finally did update and saw the new permissions, you probably didn't read them and tapped install anyway. If you did read them, you probably didn't understand them and didn't bother to find out what they meant.
  • Zuckerberg buys a volcanic island and begins plans for his doomsday device. Probably.

I'll start by saying what we're all thinking and can all agree on: that's all seriously messed up. But a lot of it is our own fault and that's not something anyone wants to talk about.

Google may be able to "fix" this but then we shift trust and responsibility from one company that makes billions from our data to another.

Google should have never let this happen. Another thing most will agree with but is that really what we want? Google cannot see the future nor read anyone's mind. Some of the smartest people in tech work for Facebook and they simply found a way to game a system and they did until they had to stop. You can bet that there are smart people working at places like Facebook and trying to game the current system, too, because your data is what makes these companies worth billions of dollars. More of your data equals more dollars and if you can bring in more dollars to the company you work for some of it trickles down to you. And it's not Google's responsibility to monitor what you install and what you don't; it's only there to enforce the rules as best it can and update the rules when it thinks of a better way.

We also can't ignore that people have been telling us all that Facebook was a super shady company for a long time. This isn't even the first time the call-log scraping has been brought up to mostly deaf ears. And we've been told to read permissions and EULAs and everything else we have to agree with before we tap the Yes/Install/DO IT NOW buttons and largely ignored that advice, too. We've been given plenty of information that should have made us take a closer look at what Facebook was doing and most of us chose to ignore it because we didn't understand much of it or simply didn't care.

It's obvious that this all wasn't good enough or that nobody cared. We don't need to look any further than Facebook's current permissions that include the ability to pull all of the data from your call history and then check to see how many installs the app has to prove it. It's right there in black and white now and has been for a while, but people either trusted that Facebook would never do such a thing, didn't bother to even look at the permissions, or saw them and installed the app anyway.

I think and sincerely hope that it's just the difficulty of keeping track of it all and not that nobody cares.

Picking on Facebook is easy because it is so bad. But all of this goes for every app on every screen.

What's less obvious is how it can be fixed. If you're that person who doesn't care what type of information Facebook has on you and is OK with them doing whatever they like with it, you have nothing to worry about here. Please be sure to delete me from your contacts if I happen to be in them, by the way, because I care and Facebook also tries to build a profile on me based on any data you have about me without asking either of us for permission. For everyone else, it's simply time to take some responsibility and police our own actions. That's easier than you might think and here are a few tips to get you started.

  1. Know what you are giving a company and what you get in return. That means think about all the data a huge company like Google collects from you and how they handle that data then decide if it's a good deal for you. It also means to think small and decide if it's worth letting Toyota have access to your contacts so that your car can announce a caller by name while you're driving. Everything is give-and-take, and you need to make sure what they are taking is worth what they are giving.
  2. Every piece of software on every device with a screen has terms you need to agree to before you start using it. Read them. Read every word and question anything you do not understand. Question the answers you get, too, until you're satisfied.
  3. Decide what services you need versus what services you don't. Do you really need Alexa and Cortana and Google Assistant and Siri and Bixby and Roscoe's Rib Rack's automated drive-thru knowing everything about you? Keep the things you need (as long as you're comfortable with the terms) and ditch the things you don't.
  4. Don't sign in to your new Android phone during the setup. Skip past and get everything running so you can see what you might want to uninstall or disable before you've logged in with your Google account. Once you've deleted and disabled the huge amounts of spyware and garbage that companies love to install on your new phone, open the Gmail app and you'll be sent to the sign-in process.
  5. If you find apps on your phone that you can't disable or delete, find out why. The answer could be because of a legitimate need (many Android apps depend on other apps being in place to work) or it could be because that app is from a company interested in things you do and places you go and wants to send data back to the mothership. If, for example, you're not OK that some Android apps need Chrome to be installed and not disabled, make sure your next phone doesn't have Chrome installed. Or iTunes. Or OneNote. Or whatever.
  6. Use some common sense. And it's OK to ask questions if you don't trust your own common sense, too. Nobody is a walking encyclopedia that knows the right answer to everything and you'll always be able to find someone who is an expert on the things you aren't.

The old saying goes "if you want something done right, you do it yourself."

If we don't start taking some responsibility ourselves when it comes to our privacy there are no good outcomes. We don't want or need lawmakers who are older than the transistor itself trying to decide what's best for us, we don't want any one company (like Google) acting as a gateway for all of our personal information. And we don't want to keep seeing things like Facebook screwing us over (and over) until we have nothing left that it wants. We can do this. You can do this.

And you don't have to do it alone.

Jerry Hildenbrand
Senior Editor — Google Ecosystem

Jerry is an amateur woodworker and struggling shade tree mechanic. There's nothing he can't take apart, but many things he can't reassemble. You'll find him writing and speaking his loud opinion on Android Central and occasionally on Twitter.