{"id":2771,"date":"2014-01-30T14:42:13","date_gmt":"2014-01-30T19:42:13","guid":{"rendered":"http:\/\/me-en.kaspersky.com\/blog\/?p=2771"},"modified":"2020-02-26T18:58:14","modified_gmt":"2020-02-26T14:58:14","slug":"what-facebook-needs-to-read-your-sms","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/what-facebook-needs-to-read-your-sms\/2771\/","title":{"rendered":"What Facebook Needs To Read Your SMS?"},"content":{"rendered":"<p><i>A new version of Facebook for Android drew some media attention because of the SMS reading permissions it requires, raising users\u2019 concerns regarding privacy. Developers do have a reasonable explanation, but is it indisputable?<\/i><\/p>\n<p><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2014\/01\/05111051\/sms-1.jpeg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-3625\" alt=\"sms\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2014\/01\/05111051\/sms-1.jpeg\" width=\"640\" height=\"480\"><\/a><\/p>\n<p>Any user of Android smartphone knows that Google Play displays a list of \u201capplication permissions\u201d before the app is actually downloaded to the user\u2019s device. Each permission, unsurprisingly, grants an application access to some smartphone resource. If the user doesn\u2019t want this app to use GPS or read his contacts, he can abandon app installation. There are no official tools to revoke specific permissions from an installed app. Most users don\u2019t bother with reading those boring permission lists (admittedly almost as boring as license agreements) and just press the \u201cInstall\u201d button. Those who actually read them have the chance to discover that SMS reading is just the cherry on top of the cake. The Facebook app actually wants to access every aspect and resource of your smartphone.<\/p>\n<blockquote><p>Google alerts about these permissions, requested by Facebook app:<\/p>\n<p>Record sound, Take photos and videos,<\/p>\n<p>Make phone calls, Read SMS\/MMS,<\/p>\n<p>Precise GPS location, Add\/modify calendar events,<\/p>\n<p>Read contacts, Read call logs,<\/p>\n<p>Control user accounts, Modify SD card contents,<\/p>\n<p>Use system tools, Full network access,<\/p>\n<p>Read phone status and identity<\/p><\/blockquote>\n<p>Facebook explains that SMS permissions are used with care when it comes to user security. If a user enables <a href=\"https:\/\/www.kaspersky.com\/blog\/podcast-two-factor-authentication\/\" target=\"_blank\" rel=\"noopener nofollow\">two-factor authentication<\/a> for his account, he must type both the password and the one-time security code sent via SMS during the login. To make things more convenient, a new Facebook app can intercept this SMS code so the user won\u2019t need to look at his inbox, memorize a one-time code, switch back to Facebook and key in the code manually. This kind of behavior is not unique. The popular Whatsapp messenger acts exactly the same way when binding your copy of the app to your phone number.<\/p>\n<div class=\"pullquote\">A new Facebook app, which is causing privacy concerns, can intercept the SMS permissions code so a user won\u2019t need to look at his inbox, memorize a one-time code, switch back to Facebook and key in the code manually.<\/div>\n<p>However, there is a difference between Facebook and Whatsapp \u2013 the latter has the official policy of \u201cno ads, no hunt for private data,\u201d while the former earns money through tailored advertisement and private data analysis. It\u2019s understandable that users aren\u2019t very enthusiastic about feeding Facebook even more data, especially when taking into account the somewhat vague language Facebook uses when <a href=\"https:\/\/www.facebook.com\/help\/210676372433246\" target=\"_blank\" rel=\"noopener nofollow\">explaining app permissions<\/a> on their help page. Developers explain why they use this or that permission, but state that this list of permissions is not complete and that each permission may be used in more ways that they list.<\/p>\n<p>Of course, this is not particularly reassuring. David Emm of Kaspersky Lab explains these concerns very clearly: \u201cSurely the app doesn\u2019t <b>need<\/b> to do this automatically. Facebook could simply prompt me to type in the code manually. Or, at the very least, provide this option. This may be a perfectly innocent feature. But in the light of growing concerns about online privacy, such an option would help to allay people\u2019s fears\u201d.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A new version of Facebook for Android drew some media attention because of the SMS reading permissions it requires, raising users\u2019 concerns regarding privacy. Developers do have a reasonable explanation,<\/p>\n","protected":false},"author":32,"featured_media":2772,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5],"tags":[20,43,46],"class_list":{"0":"post-2771","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"tag-facebook","9":"tag-privacy","10":"tag-sms"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/what-facebook-needs-to-read-your-sms\/2771\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/what-facebook-needs-to-read-your-sms\/2879\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/what-facebook-needs-to-read-your-sms\/3109\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/what-facebook-needs-to-read-your-sms\/3624\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/what-facebook-needs-to-read-your-sms\/2487\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/what-facebook-needs-to-read-your-sms\/3624\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/what-facebook-needs-to-read-your-sms\/3624\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/facebook\/","name":"Facebook"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/2771","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/32"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=2771"}],"version-history":[{"count":2,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/2771\/revisions"}],"predecessor-version":[{"id":15708,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/2771\/revisions\/15708"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/2772"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=2771"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=2771"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=2771"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}