Feeds

Facebook denies poaching your text messages on Android

Newspaper fingers FB and YouTube App perms

SANS - Survey on application security programs

Facebook has dismissed allegations in The Sunday Times that the web giant's Android app can hoover text messages from phones as "creative conspiracy theorising".

Flatly denying the claim published by the broadsheet at the weekend, the social network's UK office said its app's ability to access text messages was open and transparent, and that Facebook isn't actually looking at text messages anyway.

The Sunday Times has done some creative conspiracy theorising," the rep said in a statement: "The suggestion that we're secretly reading people texts is ridiculous. Instead, the permission is clearly disclosed on the app page in the Android marketplace and is in anticipation of new features that enable users to integrate Facebook features with their reading and sending of texts."

The permissions page for the Facebook app on the Android App Marketplace does clearly state this feature of the app:

Facebook added that although its app does have the permission to read, send and edit text messages in a user's phone, it's not something it does. The biz said it has been using the feature to a "limited" extent to road-test a messaging service:

However, other than some very limited testing, we haven't launched anything so we're not using the permission.  When we do, it will be obvious to users what's happening.  We'll keep you posted on our progress.

The product under tests will require the SMS part of the phone to talk to the Facebook app, Facebook asserted. It's "a piece of dormant code used to run a limited internal test of a new feature," said the spinner.

The permissions issue is as much one for Google as Facebook: Apple's iOS walls off certain phone functions from third-party apps - including text messages and phone functions. But on Android phones that information is accessible to apps, provided the user agrees on downloading the app.

The Sunday Times article also highlighted that the YouTube app on Android was capable of remotely accessing and operating users' smartphone cameras to take photographs or videos at any time. The app store permissions reads:

Allows application to take pictures and videos with the camera. This allows the application at any time to collect images the camera is seeing.

Google did not respond immediately to a request for comment. ®

3 Big data security analytics techniques

More from The Register

next story
Ubuntu 14.04 LTS: Great changes, but sssh don't mention the...
Why HELLO Amazon! You weren't here last time
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Next Windows obsolescence panic is 450 days from … NOW!
The clock is ticking louder for Windows Server 2003 R2 users
Half of Twitter's 'active users' are SILENT STALKERS
Nearly 50% have NEVER tweeted a word
OpenBSD founder wants to bin buggy OpenSSL library, launches fork
One Heartbleed vuln was too many for Theo de Raadt
Got Windows 8.1 Update yet? Get ready for YET ANOTHER ONE – rumor
Leaker claims big release due this fall as Microsoft herds us into the CLOUD
Batten down the hatches, Ubuntu 14.04 LTS due in TWO DAYS
Admins dab straining server brows in advance of Trusty Tahr's long-term support landing
Red Hat to ship RHEL 7 release candidate with a taste of container tech
Grab 'near-final' version of next Enterprise Linux next week
Apple inaugurates free OS X beta program for world+dog
Prerelease software now open to anyone, not just developers – as long as you keep quiet
prev story

Whitepapers

Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.