Digital Panic! No, Facebook is Not Spying on You Through Their Messenger App

UPDATE 05/01/12: For those of you searching for information about the “Copyright Meme” hoax of January 2015, I have written a new post dealing more specifically with that incident, but also drawing heavily from the warnings and advice I give here regarding having a healthy level of skepticism when it comes to Facebook status updates, and how to actually protect your digital self, see “Digital Panic 2.0! Facebook Are Still Not Going To Steal Your Copyright / Identity / Soul!” 

Just because the fourth instance of people reacting to the changes regarding the Facebook app and Facebook messenger app has come to my attention, I think I should make this clear; Articles and posts saying that Facebook can now spy on you and take pictures of you are sensationalist nonsense. There are a lot of people deleting the Facebook messenger app, and exhorting their comrades to do likewise in a fit of data-security-conscious zeal…. Perhaps missplaced zeal though, as to people like me, the “changes” in these app permissions don’t seem all that new or nearly as evil as they have been portrayed. If you already use the normal Facebook app, or even use Facebook at all, the permissions you are giving for the messenger app are really nothing new. If you’re truly worried about data protection and misuse of data, don’t use Facebook. My first piece of advice is that you read the page on this latest situation – “Facebook Messenger“. Indeed, any time you read something online which you think sounds a bit over the top, you should most definitely check Snopes to get a better idea of how well researched these ideas are.

I don’t mean to be flippant or insulting, rather I mean the suggestion to simply not use Facebook at all if you’re worrried about privacy quite seriously; if you are very conscious of data protection and privacy, social networks who make their money from data mining and advertising are probably not the way to go. There are many people who choose not to use such services, and there are indeed alternatives out there (such as Vivaldi). But the reality is that most online services which are “free”, and that includes your email account, will probably use more of your data than you might otherwise be totally comfortable with.

Nonetheless, I do in fact use Gmail, Google+, Facebook, Twitter and all the apps that go with them. This brings me to my next point, and a passionate belief of mine: The important thing is to understand the dangers of these services and the lack of data privacy, to be aware of who has access to what data and why. This does not mean that you have to then stop using these services or condemn the practices. It is, believe it or not, possible to know that Facebook collects perhaps too much data and uses it perhaps questionably and just to say “I’m ok with that. That’s the cost of a free service. I can live with that. But I’m glad I know it’s happening rather than being kept ignorant of the fact”.

I am all for people being better informed of the risks of various websites and services. This allows people to make up their own minds about how much data they want collected, used and/or shared. It is clearly preferably to people simply taking the word of their peers, and thinking “Oh, well if everyone else uses Facebook it must be fine” or “Well, if my friends are deleting the messenger app, I had best do so too”.

This problem is indicative of a greater problem we have with people either not understanding how data privacy and app permissions work, or being wilfully ignorant. This leads to a situation where apps such as Facebook messenger are the subject of witch-hunts. whilst other, similarly “insidious” apps don’t get nearly as much flak. This is very similar to the problem where Google are targeted regarding the right to be forgotten, but other search providers and similar services are not (as I previously discussed in light of the Google Spain “right to be forgotten” decision, see “Europe and the Right to be Forgotten: A Memorable Victory for Privacy or Defeat for Free Speech“). As Caitlin Dewey of Washington post points out;

In Facebook’s defense, there are plenty of legitimate reasons for requesting these permissions. Messenger needs access to your camera, for instance, so that you can send pictures, and few people would want to confirm microphone access every time they use the app to place a call.

These kinds of sweeping permissions are also extremely common — probably to a degree you don’t realize. Even the most vanilla apps collect extraordinary amounts of personal data: WeatherBug requests permission to view your Wi-Fi network and other devices connected to it; RunKeeper wants permission to read your contacts and call log; even the Kim Kardashian game, which is all the rage these days, logs your location, your device ID, and your incoming calls.

But at the same time, consumers’ unease is understandable, particularly since so few of us have any idea what we give apps permission to do. According to one study, it would take the average person 250 hours a year to read every terms of service he encounters on the daily — which justifies why fewer than one in 10 people actually read the terms in full.

In fact, our collective ignorance over this whole app permissions thing probably explains the hullabaloo over Messenger. Yes, it’s potentially “insidious,” to quote Fiorella, but so are WhatsApp, Viber, MessageMe and virtually every other popular messaging app, all of which request comparably creepy permissions. On my insidiousness scale, at least, that ignorance of the devices and programs we use every day probably ranks higher than one overreaching app.

It is easy to lose sight of the fact that many of the scarier sounding features of services like Facebook or Google do in fact have a benefit for the consumer. I remember when many people were, and still are, horrified by the idea that Google could track where you were simply through location settings like WiFi connections, without even the need for GPS. The prospect is indeed scary, that Google could tell everywhere you’ve been. But I also find this handy when Google Now spontaneously decides to tell me that my train is delayed (which, shock-horror, it knew by reading my emails! [kind of]) and suggest alternative routes, or when it decides to, unbidden, make a scrapbook of my weekend trip to Vienna complete with travel times, locations, photos and videos. Many people are uncomfortable with the efficiency with which many such services can operate by collecting all sorts of data on you…. But it’s also kinda cool.

I advocate an informed and responsible online presence, and can heartily recommend websites such as Lifehacker, who frequently have good advice on the safety and usefulness of certain services, such as “The Always Up-to-Date Guide to Managing Your Facebook Privacy” or “The Always Up-to-Date Power User’s Guide to Chrome“; and you will find guides online like “A Beginner’s Guide to internet Privacy and Security“; or services such as AdBlock(who very kindly allow you pay what you can for the service), which have made me so used to not having those pesky adds on so many websites, that I get a bit of a shock when I use someone else’s computer, or AdBlock Plus (confusingly named different entity altogether); Similarly it is important to have some decent internet security, such as AVG which has a rather robust Do Not Track feature. There are even more sophisticated measures such as Tor (explained nicely by Stuart Dredge of The Guardian here; “What is Tor? A beginner’s guide to the privacy tool“), which hides location and browsing habits…. and is so good at it, that even visiting the website might actually get you on an NSA watchlist. So… there’s that.

Back to the Facebook messenger app: The permissions regarding taking photos and recording audio (which have subject to the sensationalist suggestion that Facebook will NSA-style spy on your through your phone’s camera) are necessary permissions to allow the app’s new features where you can take and send a photo, video or audio clip from within the app with a push of a button. It does not, amazingly enough, give Facebook permission to take photos or record audio of you at any time. I cannot make this clear enough – that would be illegal for many other reasons (though, as alluded to above, this does not deter hackers or the NSA, who have similar disregards for the law by the looks of it). Obviously not all instances are reasonable, such as the famous case of a flashlight app which for some reason needed permission to access contacts and a number of other features which were obviously not needed for the functioning of the app, but were there to allow the creators gather more data.

Many of these worries where voiced by Sam Fiorella in his piece on The Huffington Post’s blog section, “The Insidiousness of Facebook Messenger’s Android Mobile App Permissions“, in a less alarmist way than most, but seems to have spurred many of the more sensationalist claims about the Facebook messenger app, not least because he ends his piece suggestions that “…the current situation goes too far. It’s time we stood up and said “no!””, and advocates deleting the app. Whilst he presents good arguments about the fact that apps do often ask for permissions and access to data which go well beyond what is required for the functioning of the app, many are of the opinion that these particular changes from using messenger within the earlier versions of the Facebook app and now switching over to the dedicated messenger app do not in fact go so unnecessarily far as people like Fiorella suggest. He does however point out one of the key problems of these sorts of services;

The fact that social media and mobile apps are so insidious is nothing new, we all know (or should know) that no app is truly free. “Free” online apps are paid for by the provision of personal data such as name, location, browsing history, etc. In turn, mobile developers and social networks charge advertisers to serve up highly targeted ads to specific groups of people.

Others, such as Christina Warren writing for Mashable,  have pointed out how little has in fact changed here, and that you have surely agreed to similar permissions already, making Fiorella’s singling out of the new version of the Facebook messenger app more than a bit bizarre;

The articles’ authors seem to not understand how Android’s app permissions work. That’s understandable: Android app permissions are kind of a mess. It’s one reason Google is going to great lengths to make app permissions easier to understand in Android L.

What’s not OK is firing up millions of users into being afraid that a messenger app is acting inappropriately because it requires access to a phone’s microphone to send voice messages.

As a Facebook rep told Mashable, nothing at all has changed in its Facebook Messenger permissions. If you installed the Facebook or Facebook Messenger app in the past, you agreed to give the app the same access that a person installing the app now would receive.

Warren’s article is particularly helpful as it goes through each of the changes with a reasonable, plain-language explanation of what that change does in fact mean – I highly recommend you read it if you’re still not sure. For those interested, Facebook have of course themselves reacted to the fury in a post entitled “Why is the Messenger app requesting permission to access features on my Android phone or tablet?“, though it’s not really as helpful as other articles written as a response to this groundswell of misinformed diligence.

Regarding the subsequent scares and less precise wordings of arguments like Fiorella’s: the people who write and forward these sorts of sensationalist stories about new changes generally either a) haven’t read the article in full, or the changes in question, b) don’t understand how to interpret terms and conditions or some aspect of law, or c) are wilfully trolling people, because there is very little people won’t believe about the depths of Facebook’s depravity.

This latest scare is very reminiscent of one about Facebook and copyright in your uploaded photos a while back, which showed the ridiculousness of some of the scare-mongering that results in such cases, even going so far as to refer to non-existent laws and to getting the name of copyright treaties wrong (the infamous “Berner” Convention). As ever, if in doubt, it! Snopes once again did a good job of debunking that particular rumour “Facebook Privacy Notice” which had people believing that they could stop Facebook using their photos by posting a copyright/privacy notice on their wall…. That’s….. That’s simply now how the law works. Sounds nice. But all it meant was that those who knew the first thing about the T&Cs of Facebook and/or copyright law spent 2 weeks or so on constant-facepalm-rotation. Even Facebook had to react to that most recent grass-roots movement against imaginary policies;

There is a rumor circulating that Facebook is making a change related to ownership of users’ information or the content they post to the site. This is false. Anyone who uses Facebook owns and controls the content and information they post, as stated in our terms. They control how that content and information is shared. That is our policy, and it always has been. Click here to learn more –

Indeed, Snopes’s discussion of that particular sensationalist scare ends with the same advice I would give those of you still worried about Facebook messenger and similar services;

If you do not agree with Facebook’s stated policies, you have several options:

Decline to sign up for a Facebook account.

Bilaterally negotiate a modified policy with Facebook.

Lobby for Facebook to amend its policies through its Facebook Site Governance section.

Cancel your Facebook account.

(Note that in the last case, you may have already ceded some rights which you cannot necessarily reclaim by canceling your account.)

I am not saying I support Facebook’s legal practices, but it doesn’t bother me enough to stop using their services. If you are really security conscious though, I suggest you don’t use Facebook at all. It might be best to move to an email service with better encryption. And start using Tor to make your browsing more secure. You should probably start using burner phones too. And if you want to be totally safe, removing all your teeth so the CIA can’t beam message into them (or something?) might sound a tad extreme, but it works (maybe?).

I’m not saying people are stupid for believing this, or even reposting these sorts of messages. Facebook is known for being less than transparent about it’s collection and use of data, I get that. I just want to make clear that the people who write the scare-mongering articles in the first place are more often than not either mistaken or lying.


~ Shane

Further Reading:

Alan Henry, “PSA: Your Phone Logs Everywhere You Go. Here’s How to Turn It Off”, Lifehacker, at

Caitlin Dewey, “Yes, the Facebook Messenger app requests creepy, invasive permissions. But so does every other app”, Washington Post, at

Christina Warren, “Don’t Freak Out About the Facebook Messenger App”, Mashable, at

Kim Zetter, “How to Keep the NSA From Spying Through Your Webcam”, WIRED, at

Phil Nickinson, “Facebook Messenger permissions: Not as scary as the stories might have you believe”, Android Central, at

Sam Fiorella “The Insidiousness of Facebook Messenger’s Android Mobile App Permissions”, HuffPost Blog at “Facebook Messenger App”, at

Tor Blog, “On being targeted by the NSA”, at

Whitson Gordon, “The Always Up-to-Date Guide to Managing Your Facebook Privacy”, Lifehacker, at


7 thoughts on “Digital Panic! No, Facebook is Not Spying on You Through Their Messenger App”

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s