For years, we’ve complained about Android permissions being far too lax compared to iOS, but nothing quite prepares you for finding out that one of the most popular apps in the world has been tracking and storing your call and text history—but only if you were using an Android device.
Apple has always been very strict when it comes to permissions and privacy, so from what we know right now, Facebook was never able to get access to your call history if you are using an iPhone.
This was first brought to light by Dylan McKay on Twitter, who downloaded his archive from Facebook — we’ve got instructions on how to download your own archive here — and noticed a ton of call history.
Downloaded my facebook data as a ZIP file
Somehow it has my entire call history with my partner's mum pic.twitter.com/CIRUguf4vD
— Dylan McKay (@dylanmckaynz) March 21, 2018
This was further confirmed by Sean Gallagher at ArsTechnica, who found the same data in his archive, and elaborated further on the issue with Android permissions:
If you granted permission to read contacts during Facebook’s installation on Android a few versions ago—specifically before Android 4.1 (Jelly Bean)—that permission also granted Facebook access to call and message logs by default. The permission structure was changed in the Android API in version 16. But Android applications could bypass this change if they were written to earlier versions of the API…
The problem was finally solved by Google in October of last year, but considering how many people are running out of date Android versions, it’s definitely not “solved” quite yet. Maybe the increased scrutiny on Facebook will force them to re-think how they do things.