Facebook is under fire right now over reports that the company improperly scraped call and text data on Android phones with its Messenger app. Of course, Facebook denies the allegations, saying that Android users “opt in” to the scraping.
In another arena — i.e. Twitter — Oklahoma’s practice management guru, Jim Calloway, weighed in on a similar thread about Google’s privacy settings, suggesting that the companies ” make privacy settings too complex.”
It is not that Internet users are unconcerned about privacy. It is just that Facebook and Google seem to intentionally make privacy settings too complex. Plus updates & more apparently reactivate things you thought you had turned off. See this thread:
— Jim Calloway (@jimcalloway) March 26, 2018
Perhaps that’s true. But I believe that we, the user, are sometimes too complacent in approving or managing our app’s permissions. (Note that the Ars Technica post alleges that the author and at least one other user never approved Facebook Messenger’s use of contacts.)
App permissions in Android
As part of its mandate for device protection, Android allows users to turn on and off app permissions. This theoretically occurs with each with each app installation or change — the application is supposed to ask the user for permission to use an unapproved resource like camera, contacts, or storage.
The ability to turn off or on a previously-granted permission can be found in Settings > Applications > App Settings > Permissions in each individual application.
As I said earlier, “No permissions allowed” theoretically means that the app can’t access sensitive areas of the Android OS, such as contacts.
However, and this is why I’m skeptical about the Facebook report, I think most people accept the new permissions without seeing the repercussions. Additionally, I think we generally forget about our applications once they’re installed. I’m guilty of both. Just check out my granted permissions in both Facebook and Messenger.
I also downloaded my Facebook data, and discovered that although I couldn’t find phone calls, some of my contact’s information was shared in Facebook — I had allowed Facebook and Messenger to access my Contacts, but had already turned off phone, SMS, location, and calendar. And of course, like any good conspiracy theorist knows, this suggests that Facebook has already scrubbed the information from their servers.
Really though, if you haven’t downloaded your Facebook data to take a look, you really should spend a minute browsing around. I think you’ll be terribly surprised.
But what about Google stealing my private stuffs?
Jim’s comment criticizes Google for “complexity,” but as I explained over here, Google’s My Account helps you manage your data in a similar manner. The site is easy to navigate and gives you full control over your account — albeit, I do have a bit of frustration with YouTube, so I’ve totally blocked that app.
Incidentally, you can easily turn off location tracking in Android by going to Settings > Location, and then turning it off.
Personally, I haven’t had a problem with location settings being turned on without my authorization.
In My Account, you can shut off location history by going to My Activity > Activity controls > Location History, and flicking the button.
In defense of “Big Brother”
Before someone takes this post out of context, or at least accuses me of supporting Google or Facebook’s actions, let me be clear: I think there’s mud on both companies. I think the numerous experiences of users in the Ars Technica story are probably true…to some degree.
But more importantly, I think we’re too casual about the apps we allow to access our social media data. And I think we spend too little time auditing the app permissions we’ve granted. Now think of the last time you viewed each app’s permissions. I’ll bet it’s close to never. You “set it, and forget it.”
So do yourself a favor, and really see what information you’re sharing with each app, and ask yourself why that app needs the particular permission to function.