Recently, Facebook released an update to its Anroid App, with a new set of permissions, outlined as below:
| Default | Modify Battery Statistics |
| System Tools | Automatically start at boot Expand/collapse status bar Send sticky broadcast Set wallpaper Set wallpaper size hints |
| Network Coms | Download files without notification Receive Data from Internet View Wi-Fi state View Network State |
| Messages | Read SMS or MMS |
| System Tools | Change Wi-Fi state Change network connectivity Display system level alerts Retrieve running applications Prevent phone from sleeping Write sync settings |
| Services which cost you money | Directly call phone numbers |
| HW Ctrls | Change your audio settings Record audio Take pictures and videos |
| Personal Inf | Add or modify calendar events and send email to guests without owners knowledge Read calendar events plus confidential information Read your profile data Read Contact data Write Contact Data |
First look at these permissions will raise quite a few eyebrows , as individually these permissions provide Facebook un-hindered access to you data but then when we analyze an application we have to dig in deeper into the over all functionality of the application we get a very different picture.
In order to get a better understanding in the business which an Android App may support, we take a look into few other apps.
Torch : Numerous Applications are available which will enable the Camera Flash to act as a torch.
Logically we would assume that the only permission that’s required by this app is related with accessing Camera’s Flash Light , however its not so , all the apps under this category require full Internet Access. For the sake of argument, we assume its to display the advertisements, but how many torch applications do display advertisements?
Moreover, we also find that numerous Torch Based applications require the permission to access SD Card Contents– now this permission beats all logical conclusions. So does a lot of other permissions which are logically not required by such Apps whose sole purpose is to shed some light into the darker areas of this world.
In the course of understanding the business logic of the App developers I have found just one Torch-based apps which require only one permission ie. Camera Flash , there might be others but uptill now “Torch Light” by SYAMU VELLAND is the only one which does the requisite function without the need for other fancy permissions.
However, when we take a look at the permissions required by Facebook App, it seems that the app is trying to gain access to each and every bit of information. Furthermore, taking into consideration the falk Facebook has been drawing over privacy issue, this raises a lot more concerns.
Would it be logically correct to base our fears solely on the permissions required by the Facebook App? In order to gain further insight, we compared the permissions required by Facebook App and Google+ Hangouts. Guess what, except for a few permissions rest all the other permissions remained the same.
The new set of permissions which Google+ Hangouts required are as follows:
1: Edit SMS or MMS, Read SMS or MMS, Receive MMS , receive SMS
2: Coarse and Fine Location using GPS
3: Directly Call Phone Numbers , send SMS messages
4: Control Near Field Communications
5: Receive Data from Internet
Sparing the 5th Point remainder of the points are either not existing in Facebook App or the Facebook Apps are at a lower stage of Information gathering, when compared with Google Hangouts App. In case someone mentions about “Calendar Events”, should take a look into permissions required by Google Calendar App.
So what exactly is happening out over here? The answer is simple: Facebook is trying to compete with Google+ Hangouts. However, Google+ Hangouts require more information from you than the Facebook App, so, does this make Google+ Hangouts more evil than Facebook App ? No, would be the right answer, as these organizations are trying to integrate your online presence with your real life, nothing more and nothing less. Secondly, the only worrying factor about Facebook’s App is the permission related to “Download files without notification”. What exactly is the intention over here?
To conclude, the worrying fact about both these apps is not related with the permissions but the data which is gathered and stored. How is it being used should be the question that should be asked.
In near future don’t be surprised when Facebook App, starts asking for your GPS position.
