When it comes to our personal information, Facebook want them all!
Their android application is a
brilliant example of this.
The fact that I’m writing about Facebook, of course, doesn’t mean that other applications are much better. Many of them require permissions which I can’t imagine why they would need.
Nevertheless, among applications which I’ve installed, Facebook absolutely is the worst example. Bellow is the list of permissions which they ask you for, before you can install their application.
Your personal information
Read contact data, write contact data.
Allows an application to read and write the user’s contacts data. I’d imagine this is needed for merging your Facebook contacts with your phone contacts. Additionally to that, it might be used for collecting information about existing users and non-users of Facebook.
Services that cost you money
Directly call phone numbers.
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call being placed. I’m not sure where (if at all) in Facebook application this is implemented.
Coarse (network-based) location, fine (GPS) location.
This might be used for advertisement and/or check in functionality which Facebook offers. Additional to that it’s also possible that Facebook is tracking your location, just to expand the amount of information they already have about you; as we know they’re planning to do this in near future more professionally.
Full Internet access, download files without notification, Google Play billing service, receive data from Internet, view network state, view Wi-Fi state.
Google Play billing service allows an application to bill you directly for services through Google Play. I guess this has to do with the fact that you can pay for things through Facebook. The second thing worth noticing is download files without notification, the reasoning behind it supposed to be the usage of DownloadManager component for handling downloads. Again, I’m not sure where Facebook is handling downloads. Other applications like: YouTube, Firefox, Skype, Dropbox doesn’t require this permission.
Act as an account authenticator, manage the accounts list, discover known accounts, read Google service configuration.
Used for managing Facebook account; this is the account you can see in Settings > Acounts and Sync. Additionally this permission can be used so that Facebook can (for example) post on your behave on other services like Twitter, etc… In other words, it might impersonate you. Of course, you’d be asked (once) if you allow this.
Modify/delete USB storage contents.
Pretty much self explanatory, this allows Facebook to save (and delete) files from your SD card. Pretty much any application you install will require this.
Read phone state and identity.
Among more common things, like seeing if you’re on a call, this permission allows Facebook to get:
- unique device ID, for example, the IMEI,
- software version number for the device, for example, the IMEI/SV,
- numeric name (MCC+MNC) of current registered operator,
- a constant indicating the radio technology (network type),
- the serial number of the SIM, if applicable,
- the unique subscriber ID, for example, the IMSI for a GSM phone,
- if the device is considered roaming on the current network,
- and the list goes on.
Record audio, take pictures and videos, control vibrator.
Recording audio has legitimate uses such as note taking or voice search applications. While this permission is not typically dangerous, it is a potential tool for eavesdropping. The same goes for the take pictures and videos permission, which in theory might also be used maliciously, for example to snap unsuspecting photos, however this is rather unlikely in case of Facebook*. It’s worth mentioning that Tweeter application require only access to vibrator, YouTube application require only pictures and videos (but not recording audio).
* With a little bit of (paranoid) imagination, however, we can imagine how
Display system-level alerts, prevent phone from sleeping, reorder running applications, retrieve running applications, write sync settings, automatically start at boot, install shortcuts, read Home settings and shortcuts, read sync settings.
It will allow an application to find out what other applications are running on your phone. Typical legitimate applications that require this permission include: task killers and battery history widgets. Why does Facebook need it? It’s social network application, it’s not task manager. Well, introduction of Facebook Home is supposed to be the reason; the second reason (perhaps even prevailing) is probably Facebook’s creepy hunger for information about you.
The tragedy is, that the Facebook application itself doesn’t offer much of functionality (or improved UX) compared to the browser’s version. In fact, it’s slow, buggy and offers pretty much the same interface. So why really bother with it? It seems the main purpose of it is just to collect as much of personal information as possible. So if you’re using Facebook, why not use browser’s version of it? And finally, even better, why not just stop using Facebook all together?