We should all be aware of what we’re signing up for when we accept Terms of Service agreements for websites and apps. We should be concerned about how much of our otherwise private data they can access, track, store, and distribute. We could start by not giving websites and apps so much of that “private” data, but that’s another subject entirely. However, an article from the Huffington Post has crossed the line and sparked online paranoia and fears that Facebook’s standalone Messenger app (now mandatory if you want to use the service’s private messages on mobile) is stealing all your data, even using your phone’s camera and microphone to record you without your knowledge or permission.
There is a lot of ignorance in general about what app permissions do. Yes, it does sound scary for an app to request for the ability to “call phone numbers without your intervention”! But probably only until you realize that app has a phone calling feature that needs that permission to operate. That’s exactly what’s going on here. HuffPo’s article (from December 2013!) has compiled a list of permissions that correspond to features most people don’t realize their FB Messenger has. The journalistic pros at the Post (a marketing consultant wrote the article) don’t even attempt to inquire as to why the app would need these specific permissions.
So allow me to explain, line by line:
- Allows the app to change the state of network connectivity
If you’ve never noticed, when you first open Facebook Messenger, it briefly displays a “Connecting…” status bar at the top of your conversation. (Too briefly for me to snap a screenshot.) This just connects the app to the wifi or mobile network. But presumably if you aren’t connected and attempt to use the app, which requires a connection, the app will attempt to connect to one for you. How “insidious”…
- Allows the app to call phone numbers without your intervention. This may result in unexpected charges or calls. Malicious apps may cost you money by making calls without your confirmation.
For several months now, probably beginning right around the time this permissions request was added to the app, Messenger has had the ability to make free voice calls separate from your phone’s default calling service.
This sends your recorded voice over your data connection (using a good chunk of it in the process, so be careful using it), not your CDMA or GSM phone signal. The “without your intervention” clause here is just a catch-all. The app only calls numbers when you do so (unless the NSA decides otherwise, of course, but they don’t need your app permissions to do that anyway).
- Allows the app to send SMS messages. This may result in unexpected charges. Malicious apps may cost you money by sending messages without your confirmation.
You may also be unaware that Facebook Messenger used to have the ability to act as your default SMS client.
Before this feature was discontinued in October 2013 due to lack of use, Messenger could replace the standard texting app your phone uses. It would have needed this permission, along with several others, to do so. The permission hasn’t been removed yet, unfortunately, but just like government, apps are loathe to relinquish powers even after they no longer need them. Just in case! In this case, the app technically cannot use this permission until Facebook tries to add another SMS feature into the app.
- Allows the app to record audio with microphone. This permission allows the app to record audio at any time without your confirmation.
Again, this is to make the embedded calling feature work. If the app can’t record your voice on its own, it can’t make calls for you.
- Allows the app to take pictures and videos with the camera. This permission allows the app to use the camera at any time without your confirmation.
While almost everyone knows you can attach photos to Facebook messages, many don’t know that the app itself can take those photos instead of just choosing them from existing ones.
It can be faster if you’re already having a conversation to just snap a pic (or record video!) with the app than to switch to the camera, take a photo, switch back to Messenger, then attach it. No one is spying on you.
- Allows the app to read you phone’s call log, including data about incoming and outgoing calls. This permission allows apps to save your call log data, and malicious apps may share call log data without your knowledge.
- Allows the app to read data about your contacts stored on your phone, including the frequency with which you’ve called, emailed, or communicated in other ways with specific individuals.
- Allows the app to read personal profile information stored on your device, such as your name and contact information. This means the app can identify you and may send your profile information to others.
- Allows the app to access the phone features of the device. This permission allows the app to determine the phone number and device IDs, whether a call is active, and the remote number connected by a call.
These are likely all relics of the now-defunct SMS feature. SMS clients all use your call log, contacts, phone account, and phone features to fully operate. If Facebook Messenger was your SMS app for the brief time it had the ability to be, it would have needed these features, not just the one to actually send the SMS.
- Allows the app to get a list of accounts known by the phone. This may include any accounts created by applications you have installed.
Newsflash: Facebook is an account on your phone. In order for Messenger to work, you have to have a Facebook account enabled. This would check for that in the unlikely event that you haven’t installed Facebook before installing Messenger.
It’s telling that before the Huffington Post story that’s now (re)circulating about this issue, InfoWars, the literal mother-lode of all things paranoid and conspiratorial, was first to notice it. While the bilge Alex Jones spews usually begins with a kernel of innocuous truth, it’s quite safe to discount all of it as a farcical self-parody.
Or is that what they want you to do…