Sunday, September 14, 2014

Yet another reason to abandon Facebook RIGHT NOW


I've complained before about the abysmal so-called 'security' offered by Facebook to its users - security that in many cases is honored more in the breach (by the company itself) than in the observance.  It hides its intentions behind smarmy weasel words in its privacy policy and terms of use, so that unless they research the matter for themselves, few users realize how they're being treated like online versions of laboratory animals, their data sold to the highest bidder.

Now comes news that Facebook has taken their cavalier attitude to new depths.

It should come as no surprise that most mobile apps run some sort of analytics on user behaviour. But in the case of Facebook, the social network’s Messenger app for iOS apparently tracks quite a bit more than most users likely realize.

iOS forensics and security researcher Jonathan Zdziarski spent Tuesday morning disassembling Facebook Messenger’s iOS binary, at one point declaring via Twitter that “Messenger appears to have more spyware type code in it than I've seen in products intended specifically for enterprise surveillance.”

In an email, Zdziarski said that Messenger is logging practically everything a user might do within the app, from what and where they tap, to how often a device is held in portrait versus landscape orientation; even time spent in the Messenger app, versus the time it spends running in the background.

Some of this is expected behaviour for an app developer, of course. But of greater concern are the other things Zdziarski discovered, whose intended purpose is less clear.

“[Facebook is] using some private APIs I didn’t even know were available inside the sandbox to be able to pull out your WiFi SSID (which could be used to snoop on which WiFi networks you’re connected to) and are even tapping the process list for various information on the device,” he wrote in an email.

On Twitter, Zdziarski said he’s worked for companies that write enterprise surveillance software that didn’t know this level of access was possible.

There's more at the link.

Anyone who continues to use Facebook after knowing this, and understanding all of the company's previous efforts to strip you of every last vestige of privacy, deserves all they get.




Peter

2 comments:

Anonymous said...

Hear! Hear!

I quit Facebook a couple of years ago for those very reasons. they don't need to know everything about me.

IMHO Google is nearly as bad. I have removed all things Google from all my computers and mobile devices. Don't even use them for searches anymore. Duck Duck Go is a better alternative.

Rick T said...

Note that these were un-documented APIs in iOS.

All the more reason to stay far, far away from Apple products.