Facebook has been scraping metadata from users’ telephone calls, including names, phone numbers, whether the calls were outgoing or incoming, as well as call length it was revealed this week.
The discovery was made by a man in New Zealand who was looking through the data Facebook collected on him after downloading an archive from the social media site. The information was pulled from the man’s Android phone through its Messenger app.
The experience was found to be shared other users who relayed their findings to the Tech-news publication Ars Technica. In a blog post “fact-checking” the discovery, the social media giant denied any untoward activity.
“Call and text history logging is part of an opt-in feature for people using Messenger or Facebook Lite on Android. This helps you find and stay connected with the people you care about, and provides you with a better experience across Facebook. People have to expressly agree to use this feature. If, at any time, they no longer wish to use this feature they can turn it off in settings, or here for Facebook Lite users, and all previously shared call and text history shared via that app is deleted. While we receive certain permissions from Android, uploading this information has always been opt-in only.”
But some users’ experience seems to directly contradict these statements. New Zealander Dylan McKay, for example, says that he installed Messenger in 2015 but only allowed the permissions required for installation. He never gave the app express consent to collect call data. He says he has even uninstalled and reinstalled the app several times over recent years but was never prompted for separate permission for the call information.
The Ars analysis found that while the collection of the data was opt-in, it was not the default installation setting for the app. Facebook also never communicated that it collected this data – it was discovered basically by accident.
Facebook began expressly asking permission to collect SMS text and voice call info in 2016, when they began prompting users to make the social media platform their default texting application. The company was criticized for their technique at the time: giving users a large “OK” button for confirmation but no readily obvious way to decline.
The company says it keeps all call metadata securely stored and does not sell the information to third parties. “You are always in control of the information you share with Facebook,” it says. But it does not address why not only information that identifies individuals in your contact list is stored, such as names and phone numbers, but also information that shows the level of interaction you have with your contacts, such as dates and times of calls and texts, as well as phone-call duration.
Facebook has been harshly criticized in recent weeks for the role it has played in the harvesting of data from up to 50 million users’ accounts by a research firm involved in influencing political elections. Facebook says the data research firm violated its terms of service, but it has been revealed the company decided not to inform users that their data had been compromised, nor did they follow up with the company to confirm the data had been destroyed as was requested.