Android's take-it-or-leave-it install-time permission model sucks. I just counted 32 permissions for the Facebook app. When the user goes to install the app they are supposed to review that long list and decide if they are going to take it or leave it. The reality is most users have no idea what they're being asked and just hit Accept. Which means for most practical purposes there is no permission security.
Much better is the iOS model where there are a select few extra-sensitive permissions that cause a popup when the app requests it and lets the user decide if they're going to grant it at runtime, not install time. That lets the user know what triggered the request and decide if it's legitimate. It also allows them to continue using an app even if they don't want to share their location or whatever.
I agree. I wish Android had denial or "spoofing" of permissions in stock form.
I do appreciate that Android points out even smaller details, however: "access to your contacts" is one that works without prompting on iOS, if I remember correctly.
It'd be nice if users could choose both the level of detail and choose piecemeal.
Obviously, we'll never see it in stock/vanilla, but there is something to be said for the fact that you can do spoofing at all via pdroid, which takes less than half an hour to set up if you're of the hacker persuasion. I dreamt of such a security setup for two decades before Android ever came to be.
It would be great if Android collected all the permissions that are commonly disabled for an app and then presented the permissions on an app-by-app basis sorted from most disabled to least disabled.
This way users of any app in the Android ecosystem can rely on the wisdom of the crowds to quickly see which permissions people who know better commonly disable.
Should every user look over the entire list? Yes, in an ideal world. But since that isn't realistic, the best we can do is present them with those they will most likely want to disable right at the top.
Google _could_ fix this by requiring SecurityException to be handled.
1. Enable the user to select "a la carte" permissions on a per-app basis.
2. The user selectively turns off permissions, e.g. I WANT my flashlight app to throw an unhandled exception when it tries to get my location.
3. Require exception handling for missing permissions in new versions.
The burden for developers is low, especially in the cases of gratuitous permissions.
There are some cases, like address book apps that require access to the Contacts provider where a permission could make an app's functionality a nullity, but I think the everyday user is OK with seeing a crash dialog if a crappy app with obnoxious permissions craps out.
In the case of a high-value app like Facebook, Facebook would be motivated to explain permissions and provide exception handling that preserves as much functionality as possible.
If app compatibility becomes an issue, "nerfed" results instead of thrown exceptions could be used to trick apps into accepting fake data.
By combining options, notifications to the user, the use of SecurityException, and changes to exception handling requirements, Google could readily retrofit fine-grained user-controlled permissions to Android.
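Added example (not part of the thread, and not any commenter's or Google's code): one way an app could handle the SecurityException described in the proposal above, written in Java against the Android SDK. The class name `InstallId` and the preference names are hypothetical; the helper covers both a thrown exception and a "nerfed" (null or placeholder) result by falling back to a random per-install UUID.

```java
import android.content.Context;
import android.content.SharedPreferences;
import android.telephony.TelephonyManager;
import java.util.UUID;

/** Hypothetical helper: an analytics identifier that survives a revoked READ_PHONE_STATE. */
public final class InstallId {
    private static final String PREFS = "install_id"; // assumed preference file name
    private static final String KEY = "id";           // assumed preference key

    private InstallId() {}

    /** Returns a stable identifier and never crashes when the permission is denied. */
    public static synchronized String get(Context ctx) {
        String id = deviceIdOrNull(ctx);
        if (isUsable(id)) {
            return id;
        }
        // Permission denied or spoofed data: use a random value scoped to this install.
        SharedPreferences prefs = ctx.getSharedPreferences(PREFS, Context.MODE_PRIVATE);
        String stored = prefs.getString(KEY, null);
        if (stored == null) {
            stored = UUID.randomUUID().toString();
            prefs.edit().putString(KEY, stored).apply();
        }
        return stored;
    }

    private static String deviceIdOrNull(Context ctx) {
        TelephonyManager tm =
                (TelephonyManager) ctx.getSystemService(Context.TELEPHONY_SERVICE);
        if (tm == null) {
            return null; // device without telephony
        }
        try {
            return tm.getDeviceId(); // requires READ_PHONE_STATE
        } catch (SecurityException e) {
            return null; // the user (or the platform) refused the permission
        }
    }

    /** Rejects null, empty and single-repeated-character IDs such as "000000000000000". */
    static boolean isUsable(String id) {
        if (id == null || id.isEmpty()) return false;
        for (int i = 1; i < id.length(); i++) {
            if (id.charAt(i) != id.charAt(0)) return true;
        }
        return false;
    }
}
```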
We reached out to Facebook who investigated the issue and will provide a fix in their next Facebook for Android release. They stated they did not use or process the phone numbers and have deleted them from their servers.
What utter garbage. They're really going to claim it was an accident?
Facebook are a rotten company like this. They'll throw something out, then yank it if they get caught. It makes you wonder what we haven't noticed yet.
This is pretty standard in Android apps for analytics tracking to use the phone number, IMEI or other values. A while back, a few production phones shipped where Settings.Secure.ANDROID_ID returned invalid values (null, the same value for all devices of that model, etc). This is the reason that most apps you come across ask for the READ_PHONE_STATE permission.
Thanks for mentioning this. It's always annoying when stuff like this is taken out of context and reinterpreted by people who don't have intimate knowledge about the topic, resulting in the kind of useless knee-jerk reactions seen in this comment thread.
If you told the average web-using person that whenever they visit google.com Google gets to know which internet provider you use and from which country, possibly even city you come from and which language you speak, they'd probably freak out thinking it was some evil Google scheme to mine data when in fact, all that is simply a byproduct of any reasonable logging or analytics solution that is not special to Google at all.
> ... they'd probably freak out thinking it was some evil Google scheme to mine data when in fact, all that is simply a byproduct of any reasonable logging or analytics solution that is not special to Google at all.
If that's true -- that an objective reasonable observer would think those things -- perhaps that's indicative of analytics being of questionable ethical standing.
After all, they enable the massive centralization of extremely far reaching user data, voluntarily submitted by both applications and websites to centralized data brokers -- such as Google -- who are not only positioned to build enormous commercial profiles of users, but also to (be compelled to) give or sell those profiles to government(s).
Well, what it also means is that it's not just Facebook who does it. Many other apps you have installed are probably doing this as well without you knowing about it.
Actually, when you install an application you accept the READ_PHONE_STATE permission. So you're explicitly giving them permission to take your phone number. This doesn't really apply to pre-installed applications, but there's really no argument that they're doing it without your consent if you download the application from the Play Store.
Actually, most of the time it's explained as being needed to determine if the phone is in a call. Which sounds perfectly fine - I'd like music to stop or games to pause on incoming calls.
The fact that "phone state" is mixed up with Phone Unique ID is terrible.
Well, not only if your phone is in a call, but also your phone number, device id and the number of the person you're connected to.
Read phone status and identity:
Allows the app to access the phone features of the device. This permission allows the app to determine the phone number and device IDs, whether a call is active, and the remote number connected by a call.
And don't worry if your friend has the Facebook app and calls you if you don't have a profile. They can just search through your friend's contacts to associate your number with a shadow profile of you anyway.
The description is PHONE CALLS
READ PHONE STATUS AND IDENTITY
Allows the app to access the phone features of the device. This permission allows the app to determine the phone number and device IDs, whether a call is active, and the remote number connected by a call.
I am sure that most users will not even read/understand that description.
If the user puts some effort into parsing it, they will understand it and what it means for their privacy. But most people will not put that much effort into installing an app.
Despite being perfectly clear to you and me, it is wrong to ask for these permissions at install time.
Imagine if every time you visited a web site you were given a list of 5 - 10 permissions requested by the website before you could visit.
I'm pretty sure it doesn't literally show them "READ_PHONE_STATE" and other permissions in enum form. There's a heading and a description of what each permission entails.
That doesn't give you the phone number though, nor does it excuse them using the phone number (as I'm inferring from the wording in the article). TelephonyManager.getDeviceId() returns the IMEI/MEID/ESN, not the phone number. When most developers require READ_PHONE_STATE for a unique id, this is what they use.
You know what the super not cool part is? Tons of Android phones come pre-packaged with a Facebook app that you can't delete unless you root your phone.
Several carriers still ship Android 2, especially for cheaper phones (or stupid phones, like Xperia Play that only supports Android 2...)
Oh, and my Xperia Play came with Facebook for Xperia that integrated a lot with it and I almost bricked the phone trying to remove it, needed to do some warranty-breaking stuff to re-install a firmware from scratch.
I suppose I could have googled it to find out, but I've certainly never had a carrier tell me in advance what apps would be on my phone. Perhaps it's buried in the fine print that I agreed to without reading, but honestly I doubt it.
Every Smartphone comes with certain pre-installed apps that you might not necessarily desire. But facebook certainly never was one of them. At least none of the Samsung series comes with it.
I just purchased a Motorola Defy XT from Republic Wireless and it came with the Facebook app pre-installed. I immediately checked for a system update (which there was one waiting), installed it and the FB app went away. Usually it doesn't work out that nicely though. My last Android was the HTC EVO and you couldn't get rid of FB unless you rooted your phone.
The Google Nexus One had Facebook force-installed; (I think) it came with one of the OS upgrades, which is even worse than pre-installed, because I really had no choice.
He said it when he was 19 (!!) in regards to a web form he made where people submitted their emails, phone numbers, and social security numbers with nothing else besides that form. The users were indeed stupid as shit in that situation.
I'd also like to remind you that he's 29 now and running one of the most successful companies in the world. If you think he hasn't learned something in the span of 10 years, you're delusional and your comments as well as that article are sensationalist.
That's annoying. But an app that's more intrusive in my mind is the Flickr app which sends your Geo location back to Flickr every single damn time you exit any camera on your Android phone. Even if you haven't launched Flickr in weeks/months. It's done this for as long as I've been monitoring the apps on my phone (a good year now).
I started using LBE to selectively block security requests by apps last Summer after being required to install an e-mail app on my personal phone for work that harvests your contact lists and call history. I soon discovered lots of mischief going on with my phone from all kinds of apps and it was rather infuriating.
The SkyDrive app on Windows Phone does it too, but because I use that app I just turn the location service off until I need maps. PayPal, for instance, wants access to contacts (why?!?) so I stick with the web site. Each platform has issues like this. We're so used to just feeding the beast that app developers are ok with unreasonable requirements.
Location services can always use data or wifi antennas. I believe most Android phones have an OS-level option to turn off app access to location from these sources (otherwise airplane mode would be the only way to do it, I guess).
As much as I wanted to install their app, I never did because I didn't trust them. I clicked to the requested permissions screen a few times. But, I just couldn't get myself to go any further. Now, I feel vindicated for my paranoia. I'm sure they're doing many more nefarious things.
"The first time you launch the Facebook application, even before logging in, your phone number will be sent over the Internet to Facebook servers. You do not need to provide your phone number, log in, initiate a specific action, or even need a Facebook account for this to happen."
It's interesting that many of my post-college friends are finding content on Facebook increasingly less relatable, and therefore using it less. I think part of Facebook's appeal to those still in school is that it acts to reinforce the social bonds that are formed through physical encounters. Once those physical encounters die out, Facebook's use is also diminished.
That's not so bad compared to the other permissions on there. With Facebook, I'd guess (maybe incorrectly) you're already listing your phone number on there and they'll eventually get it anyway. I'd like to know the reason behind some other things on that permissions list...
* Directly call phone numbers:
Allows the app to call phone numbers without your intervention. This may result in unexpected charges or calls. Note that this doesn't allow the app to call emergency numbers. Malicious apps may cost you money by making calls without your confirmation.
* Read phone status and identity:
Allows the app to access the phone features of the device. This permission allows the app to determine the phone number and device IDs, whether a call is active, and the remote number connected by a call.
* Write call log:
Allows the app to modify your device's call log, including data about incoming and outgoing calls. Malicious apps may use this to erase or modify your call log.
* Read call log:
Allows the app to read your device's call log, including data about incoming and outgoing calls. This permission allows apps to save your call log data, and malicious apps may share call log data without your knowledge.
Account management I can understand. Location makes sense for checking-in and what not. Reading/modifying contacts also makes sense if you'd like it to manage your contacts automatically.
The call logs are the ones that really confuse me. The only thing I can think of that would make sense is charging for Facebook Credits via your carrier and trying not to confuse the user into thinking they're getting charged twice (once via the Facebook App and once more via the phone call).
Between a UI that looks exactly like the mobile page loaded in Chrome/Stock Browser, draining battery and abusing location/privacy why would anyone want to use Facebook on their Android phone? Delete it, disable it or just don't sign in as applicable.
I thought this was a known fact. Aren't there numerous articles where people were surprised how Facebook knew and was recommending their dentist/plumber/clients to be added? Towards the end it turned out to be from the contact list uploaded from the user's phone.
I am not going to say to avoid FB, but if you really want it on the phone, please use a non-official version for privacy's sake. At least on Android, they are less sucky than the official version. One of those times I am happy a company doesn't make an official version for Windows Phone and the MS version doesn't suck.
It's a shame they had to do that. I find that Android is painful to develop for.
We had issues where certain Android versions were unable to install our app. The workaround involved renaming some of our data files to use a .jpg extension so that they would be treated as image assets and not loaded entirely into memory on install, causing the device to run out of RAM. (I forget the exact details, as my coworker discovered the issue and workaround at the time.)