Facebook’s phone app can read your texts, make calls and turn off Wi-Fi - should you worry?
It can read your text messages - and look at picture ones - and has the right to turn off your phone’s Wi-Fi, without telling you. Other popular apps can use your exact location - and make silent calls.
Fancy a jolt of raw, icy fear? Any Android user can instantly test whether their adrenalin glands are still working, simply by looking under the bonnet of the Facebook app on their phone.
More specifically, look at what it’s allowed to do. It can not only read your text messages - and look at picture ones - but also, inexplicably, turn off your phone’s Wi-Fi, without even telling you.
One of the app’s Permissions (you can view these under Application Manager in Settings), allows it to, “Create calendar events and send email to guests without owner’s knowledge,” another simply allows it to, “Make phone calls.”
You won’t even be aware it’s doing this. But the worst part is that you might not even be aware that the app is allowed to. Although you ARE greeted with a list of permissions when you install an app, companies often keeping adding more and more after you’ve installed.
Worse still, you have to agree to use the app - you can’t turn individual permissions down, or monitor them - you either accept the app as it is, or you can’t use it. Facebook knows that in a world filled with 50-page legal documents that no one ever reads, a few Permissions will slip past most people without even being read.
[Are these the first pictures of iPhone 6?]
Facebook’s far from alone in this - although its list has grown at a terrifying rate - Dropbox’s appp now allows the company to prevent the phone from turning off, and allows ‘Full network access’, basically a Golden Ticket which allows it to do anything on the net, without informing its owner.
‘Full network access’ has become so widely abused it’s often touted as a ‘flag’ for spotting bad Android apps - but both Facebook and Dropbox use it.
Likewise, Facebook’s Permission to send text messages that cost you money used to be a surefire ‘mark of the Beast’ for spotting malware - now it’s not.
This week, app stores were bombarded with fake versions of Flappy Birds in the wake of the popular app’s withdrawal. Looking to see whether a version of Flappy Birds was allowed to send text messages was a way of telling the difference between the real one and malware which could steal information and damage your phone. But if every app is harvesting information, hand over fist, it becomes difficult to spot the bad ones.
Neither Facebook nor Dropbox are about to turn to the dark side, of course - they’re both making too much legitimate money to consider it - but their ever-expanding control over your phone is making it more and more difficult to spot genuinely bad apps. What Facebook, which makes its money from adverts, considers a ‘good’ use of your data may also be rather different from your thoughts.
Facebook’s list has now become so alarming that the company has been forced to explain some of them - with engineers replying on forums, and a table of explanations, such as the fact that the phone reads events to display them in its calendar, Facebook says, and ‘reads’ your texts so that it can use SMS messages as an extra security measure.
The fact that antivirus pioneer John McAfee has now set his sights on ‘rogue apps with his new venture Cognizant is recognition of the fact that Facebook’s ‘explanation’ does little to deal with a real, growing problem.
Showing off the Cognizant app this week, which scans phones for apps which ask for worrying amounts of Permissions, McAfee highlighted a popular chat app that allowed itself to access your camera and all your pictures, your exact location as delivered by GPS - and to make silent calls without you asking.
McAfee’s goal is to ‘police’ apps that aren’t exactly malicious, but might be handing out far more of your information than you’re comfortable with - or using your information for targeted adverts.
“When it comes to these portable computing devices, we have these great big steel doors protecting a paper house, that’s why we’ve launched this product,” he said this week.
“Endpoint protection, anti-virus, anti-malware, even encryption – all of those mean nothing if you have voluntarily given these applications access to everything.”
“Info collection is everywhere and people have just assumed that all these apps are on the up and up – that’s a big problem,” he said. “ When you ask yourself what a chat app is doing with built-in capabilities to silently make calls and put out other information, it’s a pretty dire picture. It’s all about taking information, accessing your location, your camera and we’re losing our privacy. There are many companies doing this, but that’s not the only threat, we’ve talked about the NSA but many governments are doing this as well.”
People are, of course, unlikely to stop using Facebook even if they DO know. But perhaps McAfee’s venture will shine a light onto companies who’ve been gleefully helping themselves to our data, knowing that most people won’t ever really read what they can do.
Will a lone policeman be enough? It remains to be seen. It’s a welcome start to have at least one person shining a light onto a pretty murky practice, one which took Facebook months - and a blizzard of headlines such as ‘Is Facebook reading your texts?’ - to even answer user fears about.