After an Ars Technica report that Facebook surreptitiously scrapes call and text message data from Android phones and has done so for years, the scandal-burdened company has responded that it only collects that information from users who have given permission.
Facebook’s public statement, posted on its press site, comes a couple of days after it took out full page newspaper ads to apologize for the misuse of data by third-party apps as it copes with fallout from the Cambridge Analytica scandal (follow the story as it develops here). In the ad, founder and chief executive officer Mark Zuckerberg wrote “We have a responsibility to protect your information. If we can’t, we don’t deserve it.”
The company’s response to the Ars Technica story, however, struck a different tone, with Facebook titling the post “Fact Check: Your Call and SMS History.” It said “You may have seen some recent reports that Facebook has been logging people’s call and SMS (text) history without their permission. This is not the case,” before going on to explain that call and text history logging is included with an opt-in feature on Messenger or Facebook Lite for Android that “people have to expressly agree to use” and that they can turn off at any time, which would also delete any call and text data shared with that app.
Ars Technica has already amended its original post with a response to Facebook’s statement, saying it contradicts several of its findings, including the experience of users who shared their data with the publication.
“In my case, a review of my Google Play data confirms that Messenger was never installed on the Android devices I used,” wrote Ars Technica IT and national security editor Sean Gallagher in the amendment to his post. “Facebook was installed on a Nexus tablet I used and on the Blackphone 2 in 2015, and there was never an explicit message requesting access to phone call and SMS data. Yet there is call data from the end of 2015 until late 2016, when I reinstalled the operating system on the Blackphone 2 and wiped all applications.”
In its statement, Facebook said “Contact importers are fairly common among social apps and services as a way to more easily find the people you want to connect with. This was first introduced in Messenger in 2015, and later offered as an option in Facebook Lite, a lightweight version of Facebook for Android .”
When people first sign up for Messenger or Facebook Lite on Android or log into Messenger on an Android device, they see a screen giving them the option to continuously upload contacts as well as call and text history. Facebook added that on Messenger, users are then given three options: to turn the feature on, “learn more” for more information or “not now” to skip it. On Facebook Lite, they get two options: turn it on or skip. If users who opted in change their minds later, Facebook said they could turn it off in the app’s settings, with the option of turning off continuous call and text history logging while keeping contact uploading enabled or deleting all contact information they’ve uploaded from that app.”
Facebook emphasized in bold text that it “never sell this data, and this feature does not collect the content of your text messages or calls.”
Even though the opt-in screens do state that granting permission will “continuously upload info” about contacts and call and text history, it is arguable that many users don’t really understand what that means and that instead of saying “this lets friends find each other on Facebook and helps us create a better experience for everyone” (a message sweetened with a saccharine cartoon of a figure texting a little heart), Facebook should really be giving more details about what exactly will be recorded and why.
With the Cambridge Analytica scandal still fresh on everyone’s minds, Facebook’s apparent willingness to place the onus for protecting personal data on users who already feel victimized is unlikely to help them regain any goodwill. But even people who truly understand the implications of the feature and chose to opt-in anyway did so assuming that their data would be guarded as Facebook promised. As the Cambridge Analytica fiasco threw into sharp relief, that hasn’t always been the case.