Its going around now that Facebook is attempting to shift its Messaging users from using the main Facebook app to the Facebook Messenger app. Many sites have posted stories (though admittedly dated) about the app's Terms of Service and its alleged capabilities.
Many of the permissions the app asks for strike me as technically impossible given iOS's sandboxing, but I'm not an iOS developer and can't speak to that with certainty.
Here's what the HuffingtonPost lists:
Allows the app to change the state of network connectivity
Allows the app to call phone numbers without your intervention. This
may result in unexpected charges or calls. Malicious apps may cost you
money by making calls without your confirmation.Allows the app to send SMS messages. This may result in unexpected
charges. Malicious apps may cost you money by sending messages without
your confirmation.Allows the app to record audio with microphone. This permission allows
the app to record audio at any time without your confirmation.Allows the app to take pictures and videos with the camera. This
permission allows the app to use the camera at any time without your
confirmation.Allows the app to read you phone's call log, including data about
incoming and outgoing calls. This permission allows apps to save your
call log data, and malicious apps may share call log data without your
knowledge.Allows the app to read data about your contacts stored on your phone,
including the frequency with which you've called, emailed, or
communicated in other ways with specific individuals.Allows the app to read personal profile information stored on your
device, such as your name and contact information. This means the app
can identify you and may send your profile information to others.Allows the app to access the phone features of the device. This
permission allows the app to determine the phone number and device
IDs, whether a call is active, and the remote number connected by a
call.Allows the app to get a list of accounts known by the phone. This may
include any accounts created by applications you have installed.
- "The Insidiousness of Facebook Messenger's Mobile App Terms of Service" – http://www.huffingtonpost.com/sam-fiorella/the-insidiousness-of-face_b_4365645.html#
It seems to me that there wouldn't even be APIs available for most of these actions.
Is it possible for Facebook Messenger to spy on me to this degree?
Best Answer
This answer is from a public API point of view. Jailbreaking will obviously change this. The permissions are clearly from Android where apps have much more 'free' access to the device—this is what the permissions translate to from an iOS point of view for this site.
Not going to happen. Apps can only read certain information such as Wi-Fi info (including but not limited to SSID, BSSID, vendor, IP, subnet mask and received/sent total since boot) and cellular info (including but not limited to carrier, country, network type, IP, MCC, MNC and received/sent total cellular data since boot). Apps can not change any kind of network information; they can't even change the Wi-Fi network.
Nope, making a call using
tel://(ortelprompt://) throws a huge dialog box on the screen at the OS level requiring the user to press Call or Cancel. As the dialog is at OS level, the app can't simply bypass it. The connection can't take place unless Call is pressed. Also, as this requires confirmation for each call, the call can't take place in the background without user interaction.This is the same as calling. Using
MFMessageComposerequires user confirmation at an OS level and can't happen in the background as discussed above.Attempting to access the microphone throws an OS level alert at the time the access is first requested by the app. Subsequent attempts at accessing the microphone will not require confirmation, but only when the app is in the foreground. Using the microphone in the background shows a double-height red status bar to inform the user of the case and using the microphone in the background must be initiated by an app that was in the foreground when the access was requested. Access can be removed from the app at any time in Settings → Privacy → Microphone.
Pictures do not require any special permission until iOS 8 and will then throw an alert like the microphone. Video requires the microphone permission, which throws an alert.
Nope, apps have no access to your recent calls list. The data is not accessible through APIs and is stored outside of any app's sandbox.
Contacts access is granted through an OS level alert. This grants read/write access to the contacts themselves, but no further information. Communication frequency, etc, is not able to be obtained as discussed for the previous permission.
This can only be obtained through the access of the 'me' card in your contacts, which requires the user grant specific permission at an OS level as discussed above.
An app can access the phone number that the device was activated with using NSUserDefaults. Note that this is the phone number the device was activate with and is not read from the SIM card. The UDID (Unique Device Identifier) was depreciated and Apple no longer accepts apps which access it. I'm not aware of any way to determine whether a call is active using public APIs and definitely not what phone number the call is with.
Accounts such as Twitter and Facebook require OS level permission to be granted to the app. Other accounts such as mail accounts can not be accessed by other apps. Apps that create accounts such as mail clients store accounts themselves as opposed to using the system's storage and therefore such accounts are not able to be accessed unless that app specifically shares such information in that way (for example, logging in to your Google account in the YouTube app also makes your account available in Google Chrome and visa versa).