Did Facebook Steal Your SMS and Call History?

Facebook has been keeping a record of your text messages and call logs (with your consent) through their official Android app and has been doing so for the past few years.

Everyone’s mad at Facebook – after a research company, Cambridge Analytica “legally” salvaged personal data belonging to 50 million Facebook accounts and used the data to help Donald Trump secure his electoral win, the social media giant is in huge trouble and is currently facing a major controversy.

A software developer, Dylan McKay, discovered that Facebook had been keeping a record of his calls and texts when he downloaded his Facebook account data.

Facebook responded to this discovery saying that this was done “with consent” and that “people have to expressly agree to use this feature”.

Though Facebook repetitively reassured that this data is not sold or used for purposes other than “providing a better experience across Facebook”, some people have unknowingly granted access to the app unaware of what kind of data Facebook collects.

Friend Recommendation Algorithm

According to Ars Technica, Facebook’s data archive had been storing call logs and both SMS and MMS metadata since 2015. Upon inquiry, a Facebook spokesperson told that availing this feature is entirely optional and users can choose whether to opt-in or not. Users also have the ability to delete this data by accessing Facebook’s desktop version. The spokesperson added,

The most important part of apps and services that help you make connections is to make it easy to find the people you want to connect with. So, the first time you sign in on your phone to a messaging or social app, it’s a widely used practice to begin by uploading your phone contacts.

Sometimes, it is surprising to see a familiar face in the “People You May Know” section even when you have no mutual friends – apparently, Facebook uses this data to support it’s friend recommendation algorithm to suggest relevant Facebook profiles.

In recent versions, Facebook and Messenger actually do ask for the user’s permission before getting access to call logs and SMS, however, some users may have given access unknowingly due to changes in the way Android handles app permissions.

Android At Fault

Google changed Android’s permission structure a few years back when Android 4.0 Jelly Bean rolled out. Before, apps could only get access to read contacts stored in a device.

Android’s permission structure changed in Android 4.1 Jelly Bean (API 16). Due to this, users that had allowed Facebook access to their contacts inadvertently allowed the app access their call logs and SMS thanks to Android’s updated permissions.

This issue has already been fixed, however, until Google deprecated Android API 16 (in October 2017) Facebook has had complete access to calls and text of users who gave permission this way.

In case you are wondering, iPhone and all iOS devices were not affected by this as Facebook never got “silent access” to iOS user’s call logs and SMS.

How to Disable This

Deleting your contacts from Facebook’s archives is possible, however, it’s unclear whether purging contacts from the servers also deletes call and SMS data. You can try downloading your Facebook archive after clearing your contacts to see if your call and SMS data got purged. Ars Technica wrote,

Facebook provides a way for users to purge collected contact data from their accounts, but it’s not clear if this deletes just contacts or if it also purges call and SMS metadata. After purging my contact data, my contacts and calls were still in the archive I downloaded the next day—likely because the archive was not regenerated for my new request. (Update: The cached archive was generated once and not updated on the second request. However, two days after a request to delete all contact data, the contacts were still listed by the contact management tool.)

Another thing you can do is disable contact-syncing in the Facebook Messenger, for both Android and iOS:

  1. From Home, tap your profile picture in the top right (top left for iOS) corner.
  2. Tap People
  3. Go to Synced Contacts to turn this setting on or off

Or better yet, if you want to prevent Facebook’s access to your Android device’s data, you can clear permissions following these steps in Android:

  • Go to Settings
  • Select Applications (or Apps)
  • Find and open Facebook from the screen

method for removing permissions from facebook

  • Tap Permissions
  • Enable or disable your preferences

enable or disable facebook permisions from android

  • One golden saying..if you using some thing Free. You are the product then…not only FB but all other major players have access to this data for better services e.g. Imo or viber etc..

  • Freaking out about facebook/google having your data is like freaking out that the waiter at the restaurant knew what you ordered, how much you ordered, how much you paid, how much was left over and who were you with

  • close