Facebook, Flickr, others accused of reading text messages

Facebook, Flickr, others accused of reading text messages

Summary: Reports surfacing this weekend claim that popular smartphone applications can access users' text messages amongst other personal data, even when that phone is not being used.


Updates: see below.

Application developers and store operators are in for further rough times, as reports emerged this weekend that a number of popular smartphone applications, including Facebook, YouTube, Flickr, and others, can access private text message data or other personal information.

The Sunday Times (paywall) reported that Android and iPhone users are vulnerable to such invasions of privacy, though it is unclear whether application developers actively access data, or whether it is a result of poor security permissions.

It is claimed that some applications can intercept phone calls, while others can allegedly remotely access a smartphone's camera, or even pinpoint its location without the user's knowledge.

Since the Path debacle, Facebook and Twitter later became embroiled in the privacy row, whereby contact list data was uploaded to their servers.

Apple responded by rolling out a fix --- thought to be currently in development, though no definitive date on when the fix will reach consumers --- which would require explicit user consent before contact list information was accessed.

But as terms and conditions are often criticised for being overly complicated and lengthy, the vast majority of users unwittingly allow such actions through accepting such terms.

The application industry is thought to be worth over $6 billion annually. Arguably the blame does not only fall on the developer, but the major application store owners, like Apple and Google, for allowing the applications to be downloaded. They have also criticised for failing to secure mobile devices against such data harvesting expeditions.

While Apple has an incredibly strict terms and conditions for submitting applications to the Apple App Store, Google does not. The search and mobile giant still removes applications daily that are found to contain malware.

One concern for many is that applications solely created for the purpose of accessing such information are being downloaded, in amidst a transatlantic shift on data protection and consumer privacy rights.

Update 1: Headline edited for accuracy. As per the table, YouTube does not collect text message data, but has the ability to collect calling information "among other things", a Google spokesperson said. They did not wish to comment further.

Update 2: That was quick. A Facebook spokesperson said there is "no reading of user text messages." Facebook calls out the Times piece as "completely wrong", but acknowledges that the Android application permissions require SMS read and write capabilities.

Facebook said that lots of communications apps use these permissions, and the application technically has the capability to integrate with the phone's SMS system, but added that it is for testing purposes.

The company did not respond to the claim that the Times "admitted" to reading text messages, however. One question answered, and another ten questions open up.

Illustration modified; original credit: London's Daily Mail.


Topics: Smartphones, Legal, Mobility, Security, Social Enterprise

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Here's an invasion of privacy for you Zack: eMail is clear text

    That is a 'biggy'. But nobody wants to raise an issue about it.

    Funny because, we put letters in envelopes, for what?
    (Hint: Answer is P-----y).
    See if you can guess the answer! :/
    Dietrich T. Schmitz *Your
  • QUi bono?

    So who benefits here?? What's the point? Data mining or voyeurism? Did nobody else see this coming? Nearly all of our social media platforms are interconnected in some ways, and this shouldn't come as a real shock. Ill-gotten text messages, however, are NOT admissible in court, so most shouldn???t have anything to worry about.
    James Keenan
  • Testing

    "for testing purposes" <giggle>.
    They don't test this stuff, do they?
  • No Clear Text

    3 years ago I decided to create a web app that allows a conversation to take place online between 2 and ? individuals in complete privacy. Every message in a threaded conversation is encrypted while in-transit and while at-rest on the server. Participants must be invited to a thread and must log in to view and respond. Unlimited files up to 30M each can be attached to a thread and those are encrypted as well. The thread creator can create the passkey used to encrypt the thread content. This prevents unauthorized parties from prying into what users are sharing. The app is ad-free and cost-free. If interested, Google "private, secure, encrypted". It is the first non-ad result.
  • Backdoors?

    Are there any backdoors? Are these apps actually accessing or cameras or do they just have access?
  • More info

    What would be useful would be more information; so, when the app says it's going to access ... , why:
    So, it makes sense that Flickr has access to the camera; so that you can upload to Flickr directly from it. Were it to say "So that you can upload photos directly ... and that's all we'll do" - that would be fine.
    Ditto facebook & texts; were it to say "so that you can update your status by text & get status updates by text [by the way, you can set it so that you can choose which updates you get - many people like to get just messages & status updates from close friends] - we won't do anything else :)"
    To me, both of those are explanatory & clear - and are reasons I'd be perfectly happy with (bar the fact I've set Facebook not to send SMS updates at all, but that's by the by)
    • You are right

      Apps also need the phone radio state so they pause while you are on the phone. Many of these app rights are legitimate needs but can easily be used for theft. Afterall how is the facebook app going to add your facebook contacts and pix to your address book and without that right.
  • Grred or Fear is the question we need to ask.

    Greed brings fear. It is carrot and stick story not greed but this days ???If you do not do as I tell you to do, you will be on the street tomorrow??? What is that, fear or greed. ??? I would say bot. The boss wants me but is not telling me and I will not say a word as I too am greedy for the little cash I earn. Remember the story of the doctor. Dr Peale visited a doctor who was on the phone, he pointed the chair and gestured Dr. to sit down. Then he said ??? Gee these telephone started bugging me???. Dr. Peale looked at him and said??? If there is noise, thank the creator for this. If no one calls you, you will out on the street wondering what is happening. I have no idea how you would define this. But more on the fear and less on the greed. I will manage with little cash but I want more that is the economic policy and no one will stop me going for more cash no one. I thank you Firozali A.Mulla No MALICE to any
    • Clozapine and Lithium

      You appear to have forgotten to take your meds.
  • And on it goes

    Um, if they "responded by rolling out a fix" then it would be out already, NOT in development.
  • My Fitness Pal

    This app actually says right in the terms and conditions that it will access your contacts, camera, etc... but it's buried, or was when I was going to put it on my tablet. After reading the T&C, I opted not to install. Now, I read the T&C on every app before I install. There've been a couple since then that I was not comfortable with.