If you’ve follow news about social networking giant Facebook at all, you may have noticed a series of news articles over the last week raising concerns about the permissions Facebook Messenger users grant Facebook in order to use the app caused quite a stir online. It even caught the attention of some local luminaries in the tech field.
If you use Facebook Messenger this is what you agreed to: pic.twitter.com/FFPKVVX686
— Michael Jordaan (@MichaelJordaan) August 4, 2014
A number of people were outraged and deleted the app from their devices. I was one of them. But, after thinking about it a little more, I have it back on my iPad and iPhone.
The more I think about the “aggressive app permission (sic)” you grant Facebook, the more I think Facebook is a victim of its own transparency. The permissions cited in the Huffington Post article titled “The Insidiousness of Facebook Messenger’s Mobile App Terms of Service” by Sam Fiorella certainly do seem worrying, but are they?
Skype may gather and use information about you, including (but not limited to) information in the following categories:
(a) Identification data (e.g. name, username, address, telephone number, mobile number, email address);
(b) Profile information (e.g. age, gender, country of residence, language preference and any information that you choose to make available to others as part of your Skype user profile as further described in section 6);
(c) Electronic identification data (e.g. IP addresses, cookies);
(d) Banking and payment information (e.g. credit card information, account number);
(e) Call quality and survey results;
(f) Information about your usage of and interaction with Skype software, products, websites and marketing communications (including computer, platform, device and connection information, client performance information, error reports, device capability, bandwidth, statistics on page views, calling destinations, and traffic to and from our websites, browser type and Skype WiFi enabled hotspot detection and usage statistics);
(g) Products or services ordered and delivered;
(h) The URL of videos that you have selected to appear in your mood message;
(i) Skype test calls made to ECHO123 (which are recorded and played back to the user and deleted thereafter);
(j) List of your contacts and related data (we will give you a choice as to whether you want Skype to use contact lists from other services to populate your Skype contacts);
(k) Your username and password for other email accounts where you have provided this to us and requested us to search for your friends on Skype (please note that Skype does not retain this information after completing the search or use it for any other purpose);
(l) Correspondence between you and Skype;
(m) Traffic data (data processed for the purpose of the conveyance of communications or the billing thereof, including, but not limited to, the duration of the call, the number calling and the number called); and
(n) Content of instant messaging communications, Voice messages, and video messages (please see section 12);
(o) Location information, derived from your mobile carrier or from the mobile device that you use, and as described in further detail in section 16, below;
(p) Mobile device information, such as manufacturer’s name, device model number, operating system, carrier network;
(q) Location information, device identifiers and standard identifiers of the Wi-Fi networks your device detects, when you search for or connect to a WiFi hotspot;
(r) Access tokens for other accounts you associate with your Skype account (such as Microsoft account or Facebook), which are like an electronic key provided by the service that acts in place of a password for authentication.
I’m sure you will find a few items in that list that will concern you but here’s the thing: in order for these services to operate, their proprietors need to have your permission to operate aspects of the services. In Skype’s case, the company uses your personal information listed above to –
provide internet communication, video sharing and other products in particular to convey the communications and videos you and others make by means of the Skype software and/or the Skype products
In Facebook’s case, Facebook was much more specific about what it does with your personal information which is still governed by the general Facebook Data Use Policy. When you go through that list of permissions you’ll begin to understand why they are probably necessary. For example –
- “Allows the app to record audio with microphone. This permission allows the app to record audio at any time without your confirmation” is probably necessary to be able to send voice messages or place voice calls over a data network. Remember that this is a data service so audio you intend sending to a contact doesn’t magically appear on the other side without the app somehow capturing the data representing that audio and transmitting it. The first step in that process is probably recording it.
- “Allows the app to read you (sic) phone’s log, including data about incoming and outgoing calls. This permission allows apps to save your call log data, malicious apps may share call log data without your knowledge” is probably necessary to give you an indication of who you have called and give you information about your calls. This permission also highlights the fact that Facebook warns you about the risks of giving access to your Facebook profile to untrustworthy apps and services.
- “Allows the app to read data about your contacts stored on your phone, including the frequency with which you’ve called, emailed, or communicated in other ways with specific individuals” is necessary to give you insight into who you have communicated with, bearing in mind that you can communicate with your contacts in different ways using Messenger.
- “Allows the app to read personal profile information stored on your device, such as your name and contact information. This means the app can identify you and may send your profile information to others” is necessary to enable the app to maintain an awareness that you use the service and tell your contacts that you are also using the service so they can reach out to you.
Each of these permissions may seem to be “insidious” but each is required to enable a facet of the service. There are certainly reasons to distrust Facebook and that is another discussion altogether. If you don’t trust Facebook then you’re probably either not using it or carefully moderating your use of the service overall.
Whether you use Messenger should be informed by the extent to which you trust Facebook, not by the very explicit and informative permissions Facebook seeks from you in order to use Messenger. If anything, Facebook is just proving that it has come to a long overdue realisation that there is no benefit in deceiving users.