More Indictments Against Android Privacy

March 27th, 2018

Yes, this article is about Android, but Facebook is a strong part of the picture. It’s not about Cambridge Analytica and that company’s alleged abuse of the personal data of over 50 million American users. That’s bad enough.

Instead, it’s about a published report in Ars Technica that impacts strictly Android users with Facebook accounts. It appears that, if you were using the Facebook app on an Android phone, the social network was evidently capturing your phone call and text messages metadata if your contact list was brought over.

Yes, we know that Facebook built a multinational corporation profiting on its users; yes you and me. It’s all about making your personal data accessible, so it seems only natural the your personal phone calls would be included as part of the process, so they know whom you’ve contacted. The data would include the person you called, when you called them, the duration of the call and when you texted.

It’s clear Google was complicit.

Says the article, “On Android, the door was left open for Facebook to easily pull down your data via Android’s early application programming interface, or API. Before the launch of Android 6.0 in 2015, to use an app you had to agree to all its permission requirements. In Facebook’s case, the company asked for the moon — access to all your data including your phone usage.

“With Android 6.0, Google introduced a permission model for Android app data access. Now when you install an application you must explicitly grant access to specific areas. You can also revoke these permissions.”

Of course, most users don’t read all those microscopic terms and conditions, so it may very well be that most of them wouldn’t notice any of this in setting up Android and Facebook. It’s very normal just to click OK or Agree when presented with some sort of online ingredient, regardless of what you’re agreeing to.

At the end of the day, however, saving one’s contact list to expand your Facebook presence is not the same as syncing calls and text histories. I’m not at all sure how anyone benefits other than some potential marketer for whom this sort of data is important. I dare say very few people knew they were giving Facebook permission to comb their call or SMS logs because they accepted some obscure agreement.

At least iOS users aren’t impacted by this outrageous behavior. Forgetting the platform wars, or the perceived benefits of the open nature of Android, do you really want to submit so much personal data to Facebook just to network?

But when it comes to Android, there’s more, a recent report about a vicious scheme of pushing malware to hundreds of thousands of Android users. Evidently it involved embedding the infection in seven apps available via the Google Play store. Six of the apps were QR readers, a seventh a so-called “smart compass,” and all slipped past Google’s automated security scans.

The specifics of the malware are less important than the fact that it happened. Sure, it was eventually caught, after a bunch of people were infected.

Now one hopes Google has learned its lesson, and that future app submissions will be more carefully checked for the presence of malware, but don’t bet on it. Rather than inserting this malware into high profile apps, they appeared in perfectly ordinary ones, which may be an object lesson. They are simple enough not to attract attention to themselves.

This is not to say that you shouldn’t use an Android smartphone. At the very least, buying a device with the latest version of Android would insure the highest level of security, more so if it’s a Pixel Phone by Google, which will receive the latest upgrades until the manufacturer decides to cast it aside.

All this comes not long after a published report appeared about a claim that Android had finally matched iOS in security. It’s utter nonsense as you might imagine, and not the first time Google executives have made such outrageous claims.

But the real victim here is the Android user. People have made a judgement that they prefer Android to iOS, don’t care about the platform, or just want to save some money. I wouldn’t begin to suggest that governments regulate the minimum amount of security a smartphone should provide, because some governments might decide to demand backdoors for law enforcement or just to monitor their citizens. As it stands, the FTC isn’t going to go after a tech company because its gadgets are less secure than they should be. The agency would only get involved if there was a danger to one’s health, such as those exploding batteries in the Samsung Galaxy Note 7.

Customer pressure might, but did Samsung lose sales because of that Galaxy Note 7 problem? Maybe at first, but such issues often disappear from the public’s memory if newer models are free of such problems.

In any case, the Facebook and embedded malware episodes are just two more examples of why one should be extremely cautious about using Android gear.

| Print This Article Print This Article

2 Responses to “More Indictments Against Android Privacy”

  1. dfs says:

    Here’s one of the major reasons I stick to Apple’s products and services through thick and thin. Many corporations are involved in one way or another in operations where they invite individual members of the public to trust them with their private information. Once a corporation possesses such information in sufficient quantity, the temptation to regard it as a marketable commodity to be “mined” or soldout right is all but overwhelming, and the news outlets are currently buzzing with examples where corporations have succumbed. Apple is the most conspicuous example I know about of a corporation which resists the temptation to go that route. Sometimes, in fact, Apple’s zealous (or maybe even overzealous) concern for my privacy can be annoying: all that rigmarole about two-step authentication, the frequent insistence that I change my password and so forth. But even at its most irritating it serves to remind me that here is one large multinational corporation which is firmly on my side and to which I can safely entrust my personal information. That is sufficient to earn my complete loyalty.

  2. dfs says:

    There’s one thing I should have added. After “the temptation to regard it as a marketable commodity to be “mined” or sold out right is all but overwhelming” I ought to have added this:

    (a temptation all the harder to resist because the laws against abusing personal information are so sketchy and inadequate for the protection of individual users)

Leave Your Comment