large image

Trusted Reviews is supported by its audience. If you purchase through links on our site, we may earn a commission. Learn more.

Facebook has been scraping users’ call and message logs — but only on Android

Users downloading their Facebook data have discovered that the social media firm’s app appears to have been keeping a record of their phone calls and messages. 

The discovery first emerged when Twitter user Dylan McKay downloaded his Facebook data and discovered that it contained his entire call history with his partner’s mum. Further investigation revealed that it also contained metadata about all of his sent and received text messages.

These details were present when other users downloaded their Facebook data, Ars Technica confirmed. Importantly, the data only shows that Facebook has a log of messages and calls, not that it has any knowledge of their contents. This data is used to feed the social media network’s friend recommendations algorithm.

Facebook responded to the allegations over the weekend, saying that the feature was opt-in and that users would have had to expressly agree to the practice, however people have since alleged that this was not made explicit enough.

“Call and text history logging is part of an opt-in feature for people using Messenger or Facebook Lite on Android. This helps you find and stay connected with the people you care about, and provides you with a better experience across Facebook,” the company wrote.

“People have to expressly agree to use this feature. If, at any time, they no longer wish to use this feature they can turn it off in settings … and all previously shared call and text history shared via that app is deleted. While we receive certain permissions from Android, uploading this information has always been opt-in only.”

An Android problem

Facebook only appears to have this data for users of the Android app. iPhone users appear to be unaffected. The reason for this comes down to the permissions Android used to give its apps. Prior to Android version 4.1, if you gave an app permission to read ‘contacts’ it would also get access to your call and message metadata.

This was later changed, but apps that predated the changes appear to have been able to avoid complying with them, by specifying an earlier version of the Android SDK.

Although the practice was fully brought to an end when support for version 4.0 ceased last October, the controversy raises further questions about the security of Android when so many devices are still running older, outdated versions of the software. Meanwhile iOS has never allowed silent access to call and message logs, and Apple’s update process means that the majority of iDevices are running the latest version of the software.

Did you opt in to the feature obliviously? Share your thoughts with us @TrustedReviews.

Why trust our journalism?

Founded in 2004, Trusted Reviews exists to give our readers thorough, unbiased and independent advice on what to buy.

Today, we have millions of users a month from around the world, and assess more than 1,000 products a year.

author icon

Editorial independence

Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.

author icon

Professional conduct

We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.