Dylan McKay discovered this covert monitoring scheme by Facebook after perusing information about himself and his contacts that Facebook had apparently stored in an archive. Based on what he was able to pull up, McKay was shocked to learn that Facebook had stored about two years' worth of phone call metadata, or basic incoming and outgoing call information, from his Android phone – including names, phone numbers, and length of calls made.
Disturbed by what he had discovered, McKay tweeted a screenshot on his Twitter account of the call log that Facebook had compiled. He wrote below the photo that he had downloaded this data as a ZIP file from Facebook, noting that it contained his "entire call history with [his] partner's mum."
Once the news got out about this major data breach, many other Facebook users conducted similar experiments and found that the social media giant had been collecting call data on them, too. It appears as though the only people being victimized by this invasion of privacy by Facebook are Android users, though it's possible that there are other devices that Facebook is capable of hacking as well.
After being alerted to the situation, Ars Technica writer Sean Gallagher performed his own independent assessment and, sure enough, he was able to pull up a similar call log from Facebook that had been pulled from his Android device. He then contacted Facebook to find out why this was occurring, to which he received the following somewhat erroneous response from a Facebook spokesperson:
The most important part of apps and services that help you make connections is to make it easy to find the people you want to connect with. So, the first time you sign in on your phone to a messaging or social app, it's a widely used practice to begin by uploading your phone contacts.
It isn't that people are upset about their contacts being synced to Facebook's platform, but rather that Facebook appears to be monitoring how people are using their Android mobile phones (and possibly other brands and systems), as well as keeping tabs on other personal information like employment status and political affiliation. And while users are given the option to opt out of syncing their contact information with Facebook, this does not appear to be the case with call and text logs – at least until recently.
According to Ars Technica, more recent versions of Facebook's Messenger app for both Android and Facebook Lite devices makes an "explicit" request to users to access their call and text logs. But in years past, even if users didn't give permission to Messenger to access this data, it appears as though the app collected it anyway.
"If you granted permission to read contacts during Facebook's installation on Android a few versions ago – specifically before Android 4.1 (Jelly Bean) – that permission also granted Facebook access to call and message logs by default," Gallagher writes. "Apple iOS has never allowed access to call log data by third-party apps, overt or silently, so this sort of data acquisition was never possible," he adds.
Even after going in and purging his contact data from Facebook's servers, Gallagher found that his contacts and calls were still in the archive that he downloaded the next day. This suggests that anything Facebook users attempt to "delete" from their accounts never truly gets deleted.
Sources for this article include: