Facebook’s (NASDAQ: FB) algorithms may know who you’ve called from your Android phone. Reports have emerged that Facebook was surreptitiously tracking all calls and messages on some Android devices until October 2017.
The revelation comes days after reports emerged that British political consultancy Cambridge Analytica improperly accessed Facebook users’ information to build profiles on American voters. The leaders of the U.S. House of Representatives Energy and Commerce Committee have now requested that Facebook chief executive Mark Zuckerberg testify at a hearing about the social media company’s use of data.
The latest data scandal was sparked by a New Zealand man named Dylan McKay who was looking through Facebook data on him in an archive pulled from the social networking site. A number of other Facebook users have since spoken out about also finding data from their Android phones in the Facebook archives.
McKay found that Facebook had about two years’ worth of phone call metadata from his Android phone. The data stored by Facebook included names, phone numbers, and the length of each call made or received.
Facebook was able to do this by exploiting the way an older Android API handled permissions. Before, if you granted permission to read contacts during Facebook’s installation on Android, Facebook was granted access to call and message logs by default. The permission structure was changed in version 16 of the Android API.
Facebook says it uses phone-contact data as part of its friend recommendation algorithm. Facebook specified that it does not collect the content of calls or text messages and information is securely stored. The company also said that this data is not sold to third parties.
A Facebook spokesperson dismissed the data collection as anything nefarious, commenting, “The first time you sign in on your phone to a messaging or social app, it’s a widely used practice to begin by uploading your phone contacts.” The spokesperson noted that installation of the application explicitly requests permission to access contacts, making contact uploading optional.
Facebook hasn’t been able to collect this data on iPhones thanks to Apple’s privacy controls. Apple iOS has never allowed silent access to call data. Those concerned about privacy should not share address book and call-log data with any mobile application. To retrieve a .zip file of your Facebook data, you can go to the Settings page on Facebook and click the link to download the information.