Facebook was tracking your text message and phone call data. Now what?

If you installed a Facebook app to your Android smartphone, odds are good that Facebook has been logging your phone calls and text message data ever since.
Written by Steven Vaughan-Nichols, Senior Contributing Editor

While Facebook boss Mark Zuckerberg was apologizing for giving Russian-linked Cambridge Analytica access to over 50 million US Facebook users' personal data, news broke that Facebook had been scraping call and text message data from Android phones for years.

If you looked closely, you would have seen Zuckerberg and company had been snooping on Facebook's billion-plus users since the beginning. Indeed, the company's entire business model is built on profiting from your personal data.

Also: Apple's Tim Cook: Facebook's privacy blunder 'so dire' we need regulations

That's not news, but we're only now realizing just how deeply Facebook data mines each of us including our phone call and text messaging records.

Tech site Ars Technica cited several users who discovered that if you used an Android phone and installed the Facebook app, the social network was likely logging your phone calls and text messages metadata ever since the Android app's inception.

By metadata, that means Facebook was tracking when you called, how long you were on the call, and when you texted. Facebook never had access to the content. For example, Facebook could know you called your mom every Saturday evening, but not what you spoke about

It appears Facebook could never pull this off on Apple's iOS. Another social network, the obscure Path, pulled down its users' contact information without permission years ago. Path apologized for this and deleted the data. Even as Facebook apologizes for its privacy invasions, the social networking giant isn't going that far.

On Android, the door was left open for Facebook to easily pull down your data via Android's early application programming interface, or API. Before the launch of Android 6.0 in 2015, to use an app you had to agree to all its permission requirements. In Facebook's case, the company asked for the moon -- access to all your data including your phone usage.

With Android 6.0, Google introduced a permission model for Android app data access. Now when you install an application you must explicitly grant access to specific areas. You can also revoke these permissions.

It's time to turn those off.

You may want to share your contacts with Facebook, but I'm hard pressed to think of a reason why you'd want Facebook to know about who and when you called or texted someone.

Anrdroid App Permissions

Don't permit Facebook, or any other app, to access data it doesn't need for its job.


To do this, open your Settings app and tap "Apps."

Then, click on each app. On the App info screen, you'll see a "Permissions" category. From here, click on "Permissions".

The next window lists all the permissions for the app. From the next "App permissions" screen, you can dive deeper into each app's permissions -- such as Camera, Contacts, Location, Microphone, Phone, SMS, and Storage -- and change them.

Be aware, some apps won't work without specific permissions. To stop Facebook snooping on your phone communications' metadata, turn Phone and SMS off.

What's that? You didn't specifically grant Facebook the right to keep an eye on your phones and texts, so you're good, right? Wrong.

Facebook apps kept using the older, but still supported pre-Android 4.1, software development kit (SDK) APIs' permission rules for years. This gave Facebook access to your call and message logs by default.

Google finally deprecated the Android 4.0 API in October 2017. After that, Facebook no longer automatically pulled down your logs.

Whether you're running an ancient phone with an old version of Android or a brand new Pixel 2 with Android 8.1, I'd double check Facebook and Facebook Messenger. It doesn't hurt to be cautious.

Facebook says that it's not the social network's fault, it's yours.

In a statement, Facebook stated: "Call and text history logging is part of an opt-in feature for people using Messenger or Facebook Lite on Android."

While that may be true, it's not all that obvious.

According to Facebook:

When you sign up for Messenger or Facebook Lite on Android, or log into Messenger on an Android device, you are given the option to continuously upload your contacts as well as your call and text history. For Messenger, you can either turn it on, choose 'learn more' or 'not now'. On Facebook Lite, the options are to turn it on or 'skip'. If you chose to turn this feature on, we will begin to continuously log this information.

Notice how they're talking about contacts, but not explicitly about your calling and texting history. If you follow their links, you're taken to a page that describes how to handle contacts for Messenger and the Facebook app. You must dive deeper still to find out how to turn off "Sync Your Call and Text History." This can only be done from the app's Permissions page.

To find out what Facebook has already collected from you, go to Facebook and create an archive. Take the following steps:

Go to the top right of any Facebook page and select "Settings." Click "Download a copy of your Facebook data" at the bottom of general account settings. Then, click "Start My Archive."

You'll need to confirm you want to do this. In a few minutes you'll get an email with a link to a zip file containing most of your Facebook information.

You'll find the information on your calls and texts in the contact_info.htm file in the html directory. At the bottom of the files, after your contacts, you'll see your call and message logs.

After you stop Facebook from gathering this information by either deleting the apps or changing their permissions, what will Facebook do with the data it already collected? Good question.

How to reduce the amount of information you send to Facebook

While Facebook claims, "You are always in control of the information you share with Facebook," we know that's not true, or it wouldn't have been sharing our data with Cambridge Analytica. In this specific case, Facebook hasn't said what it will do with the phone-related data.

While it is true that we installed the Facebook apps, 99 percent of us weren't aware we were giving Facebook permission to rifle through our call and SMS logs. Mind you, some of us knew as far back as 2011 that Facebook was playing fast and loose with our contact information. But, seriously, how many people pay close attention to our application permissions? Perhaps a few more than those who actually read end-user licensing agreements (EULAs)?

Facebook declares it doesn't collect the contents of calls or texts, and information collected isn't sold to third parties. That's not much solace to those whose data has been slurped up by the social networking giant.

Maybe Facebook won't do anything questionable with your data, but, given what we know now about how Facebook handles our privacy, do you really want to take that chance?

Related Stories:

Editorial standards