Sean Gallagher, Ars Technica:
This past week, a New Zealand man was looking through the data Facebook had collected from him in an archive he had pulled down from the social networking site. While scanning the information Facebook had stored about his contacts, Dylan McKay discovered something distressing: Facebook also had about two years’ worth of phone call metadata from his Android phone, including names, phone numbers, and the length of each call made or received.
This experience has been shared by a number of other Facebook users who spoke with Ars, as well as independently by us — my own Facebook data archive, I found, contained call-log data for a certain Android device I used in 2015 and 2016, along with SMS and MMS message metadata.
Facebook responded by claiming that this creepy spyware they call a “feature” is only available through Messenger and Facebook Lite with explicit user opt-in, but Gallagher is reporting that neither app was installed on the specific device he found call history for, nor does he recall consenting to Facebook tracking his messaging history. Facebook also says that they don’t record the contents of phone calls or messages, which is awfully similar to the defence repeated by the NSA after it was revealed that they were collecting the same kind of metadata. That’s probably not the kind of comparison Facebook would like to strike, but it isn’t inappropriate.
Also keep in mind that several people had to write the code that makes this possible: someone had to write the Android API that allowed these logs to be monitored, while someone else had to write Facebook’s end that made this whole thing possible. Then there were managers and quality assurance staffers who could have objected to this capability. It took years for this functionality to be stopped for third party apps on Android.
For what it’s worth, this story applies only to Android users, because of course it does; iOS has never allowed a third-party app to silently monitor call or messaging history.