A few weeks back, Facebook suffered a pretty big backlash when their Messenger app hit the headlines for the wrong reasons, but renewed investigations have seen the company have to answer a few more questions.
When everyone downloaded Facebook Messenger finally back in August (the company phased out the older version of the service), a lot of people questioned why they were handing over so many permissions to what should be a fairly simple app. Camera and microphone permissions were needed, amongst a whole host of others, and while the reasons for that are all above board (sending pictures and voice messages etc.), it did see people start to question what they were agreeing to a bit more closely.
One such person, Jonathan Zdziarski, decided that he would spend a day taking apart Facebook Messenger’s code on iOS (being an iOS forensics and security researcher) and found some things that the average user would be slightly worried about, saying on Twitter “Messenger appears to have more spyware type code in it than I've seen in products intended specifically for enterprise surveillance.”
Zdziarski told Motherboard that the app was logging more or less everything that you got up to while using it, from how long you spent in it to whether you were using it in portrait or landscape mode.
I've worked for companies writing corporate spyware for iOS that didn't know you could get some of this information.
— Jonathan Zdziarski (@JZdziarski) September 9, 2014
Facebook employees responded to him on Twitter saying that it's normal for them to get analytics and data in this way to help them improve the app for users, but Zdziarski remains unconvinced, adding in an email to Motherboard that "a couple hours of tinkering around isn't going to provide any meaningful conclusions, but there is a lot of code that suggests Facebook is running analytics on nearly everything it possibly can monitor on your device."
While that's a bit of a jump to make, it does once again raise the question of why these things would be programmed in, and Facebook declined to make any official comment to Motherboard when they approached them for one.
Another of the strange features was the inclusion of some ominous code at the end of a few strings of data which say "do not use or you will be fired".
I am pretty sure though that if average developers used some of the APIs Facebook is using to collect data, their app would be rejected.
— Jonathan Zdziarski (@JZdziarski) September 11, 2014
Another Facebook employee told Zdziarski that it was all an inside joke for the developers, and they appear on deprecated strings of code (code that's been superseded or is not in use anymore), but that's still enough to cause a few people to worry about why they're there at all.
Ultimately, as Zdziarski himself points out, it's down to whether or not you trust the app and the company behind the app not to use your data in a malicious way, or a way that you wouldn't want it to be used. When it comes to Facebook and their Messenger app, you need to think about how much data you're handing over to them in how many different forms, and whether or not you believe that they'll use it in the right way and not take advantage of their position, because "the technical capabilities to do so are certainly there."
The real message from all of this is that perhaps, if we are so concerned about our data and our privacy, that we begin to weigh it up with the benefits offered to us by the convenience of many of the apps, and that we use and ask ourselves "is it worth it?".
Via Motherboard