About Facebook (Application on Android)

When it comes to our personal information, Facebook wants it all! Their Android application is a brilliant, scary example of this.

The fact that I’m writing about Facebook, of course, doesn’t mean that other applications are much better. Many of them require permissions that I can’t imagine them needing.

Nevertheless, among the applications I’ve installed, Facebook is absolutely the worst example. Below is the list of permissions they ask you for before you can install their application.

The List!

Your personal information

Read contact data, write contact data.

Allows an application to read and write the user’s contacts data. I’d imagine this is needed for merging your Facebook contacts with your phone contacts. In addition, it might be used for collecting information about existing users and non-users of Facebook.

Services that cost you money

Directly call phone numbers.

Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call being placed. I’m not sure where (if at all) in the Facebook application this is implemented.

Your location

Coarse (network-based) location, fine (GPS) location.

This might be used for advertising and/or the check-in functionality which Facebook offers. In addition, it’s possible that Facebook is tracking your location just to expand the amount of information they already have about you; as we know, they’re planning to do this more professionally in the near future.

Network communication

Full Internet access, download files without notification, Google Play billing service, receive data from Internet, view network state, view Wi-Fi state.

Google Play billing service allows an application to bill you directly for services through Google Play. I guess this has to do with the fact that you can pay for things through Facebook. The second thing worth noticing is download files without notification; the reasoning behind it is supposed to be the use of the DownloadManager component for handling downloads. Again, I’m not sure where Facebook is handling downloads. Other applications such as YouTube, Firefox, Skype and Dropbox don’t require this permission.

Your accounts

Act as an account authenticator, manage the accounts list, discover known accounts, read Google service configuration.

Used for managing the Facebook account; this is the account you can see in Settings > Accounts and Sync. Additionally, this permission can be used so that Facebook can (for example) post on your behalf on other services like Twitter, etc. In other words, it might impersonate you. Of course, you’d be asked (once) if you allow this.

Storage

Modify/delete USB storage contents.

Pretty much self-explanatory: this allows Facebook to save files to (and delete files from) your SD card. Pretty much any application you install will require this.

Phone call

Read phone state and identity.

Among more common things, like seeing if you’re on a call, this permission allows Facebook to get:

  • unique device ID, for example, the IMEI,
  • software version number for the device, for example, the IMEI/SV,
  • numeric name (MCC+MNC) of current registered operator,
  • a constant indicating the radio technology (network type),
  • the serial number of the SIM, if applicable,
  • the unique subscriber ID, for example, the IMSI for a GSM phone,
  • if the device is considered roaming on the current network,
  • and the list goes on.

Hardware controls

Record audio, take pictures and videos, control vibrator.

Recording audio has legitimate uses such as note-taking or voice search applications. While this permission is not typically dangerous, it is a potential tool for eavesdropping. The same goes for the take pictures and videos permission, which in theory might also be used maliciously, for example to snap photos of unsuspecting users; however, this is rather unlikely in the case of Facebook*. It’s worth mentioning that the Twitter application requires only access to the vibrator, and the YouTube application requires only pictures and videos (but not recording audio).

* With a little bit of (paranoid) imagination, however, we can imagine how Facebook NSA is recording all our phone calls. But I guess that’s a crazy assumption; they don’t need such primitive methods to achieve the same.

System tools

Display system-level alerts, prevent phone from sleeping, reorder running applications, retrieve running applications, write sync settings, automatically start at boot, install shortcuts, read Home settings and shortcuts, read sync settings.

The retrieve running applications permission allows an application to find out what other applications are running on your phone. Typical legitimate applications that require this permission include task killers and battery history widgets. Why does Facebook need it? It’s a social network application, not a task manager. Well, the introduction of Facebook Home is supposed to be the reason; the second reason (perhaps even the prevailing one) is probably Facebook’s creepy hunger for information about you.
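
An added example, not part of the original post: the comparison made by hand above (which permissions one app requests that another manages without), run over decoded manifests such as apktool produces. The `android.permission.*` names are the real constants behind some of the labels in the list; the two sample manifests, the helper names and the mapping onto this post's headings are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Real android.permission.* constants behind some labels in the list above,
# grouped under the post's headings (the grouping is this example's assumption).
GROUPS = {
    "Your personal information": {"READ_CONTACTS", "WRITE_CONTACTS"},
    "Services that cost you money": {"CALL_PHONE"},
    "Your location": {"ACCESS_COARSE_LOCATION", "ACCESS_FINE_LOCATION"},
    "Phone call": {"READ_PHONE_STATE"},
    "Hardware controls": {"RECORD_AUDIO", "CAMERA", "VIBRATE"},
    "System tools": {"GET_TASKS", "SYSTEM_ALERT_WINDOW", "RECEIVE_BOOT_COMPLETED"},
}

def requested_permissions(manifest_xml):
    """Return the short names of all <uses-permission> entries in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    return {e.get(ANDROID_NS + "name", "").rsplit(".", 1)[-1]
            for e in root.iter("uses-permission")}

def audit(manifest_xml, baseline_xml):
    """Group the permissions an app requests beyond what a baseline app requests."""
    extra = requested_permissions(manifest_xml) - requested_permissions(baseline_xml)
    report = defaultdict(list)
    for perm in sorted(extra):
        group = next((g for g, members in GROUPS.items() if perm in members), "Other")
        report[group].append(perm)
    return dict(report)

def manifest(perms):
    """Build a constructed, decoded manifest for the demo below."""
    body = "".join(f'<uses-permission android:name="android.permission.{p}"/>' for p in perms)
    return f'<manifest xmlns:android="http://schemas.android.com/apk/res/android">{body}</manifest>'

# Constructed sample inputs, not the manifests of any real application.
SOCIAL_APP = manifest([
    "INTERNET", "READ_CONTACTS", "CALL_PHONE", "ACCESS_FINE_LOCATION",
    "READ_PHONE_STATE", "RECORD_AUDIO", "CAMERA", "VIBRATE", "GET_TASKS",
])
VIDEO_APP = manifest(["INTERNET", "CAMERA", "VIBRATE"])

if __name__ == "__main__":
    for group, perms in audit(SOCIAL_APP, VIDEO_APP).items():
        print(f"{group}: {', '.join(perms)}")
```

Permissions that fall outside the mapped groups are reported under "Other" rather than dropped, so an unfamiliar request still shows up in the diff.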

Conclusion

The tragedy is that the Facebook application itself doesn’t offer much functionality (or improved UX) compared to the browser version. In fact, it’s slow, buggy and offers pretty much the same interface. So why really bother with it? It seems its main purpose is just to collect as much personal information as possible. So if you’re using Facebook, why not use the browser version of it? And finally, even better, why not just stop using Facebook altogether?