Facebook sucks up every contact in your iPhone and sells your mobile phone number to advertisers whether you want them to or not

Bryan Beal
Mar 26, 2018

Much has been written lately about the Facebook Android app harvesting call logs. I decided to download my own copy of everything Facebook knows about me and research for myself.*

A lot of research has already been done in the past few days about Facebook on Android, so I am going to focus on the shenanigans from the Facebook app for iOS, as well as another disturbing find regarding the sharing of my contact information with advertisers.

I found one particularly bizarre issue with the iOS app: Facebook is syncing all of my iPhone contacts even though I’ve never granted them permission to do so, nor is that permission mentioned in iOS (see below).

How would we know that Facebook had access to our contacts?

I also made sure there was no Facebook account in my “internet accounts” settings in iOS. Nope.

Just to be safe, I checked the Facebook account in the Internet Accounts setting on my MacBook (which I only use to share links). Sure enough, it also has not given Facebook access to my contacts nor my calendars.

No access to my Contacts on my MacBook either.

To test if Facebook was still syncing my iPhone contacts, I added 3 new contacts. I waited a few hours, then downloaded my Facebook data again. Sure enough, all three new contacts appeared. Here are the three new iPhone contacts:

Every contact on my phone appears in this list of contacts in my Facebook data. I blacked out names, but you can see the last 2 digits of their phone numbers match up.

Facebook has all of my iPhone contacts, despite not granting permission
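The check described above (add a few known contacts, re-download the data, look for them) can be scripted. This is an added example, not part of the original post: the vCard and archive text are constructed samples, the function names are hypothetical, and because the post does not describe the archive's file layout the script only scans its text for phone-number-like strings.

```python
import re

# Constructed sample: vCard export of three "canary" contacts added to the phone.
CANARY_VCF = """BEGIN:VCARD
VERSION:3.0
FN:Canary One
TEL;TYPE=CELL:+1 (202) 555-0141
END:VCARD
BEGIN:VCARD
VERSION:3.0
item1.TEL;type=CELL:202.555.0152
FN:Canary Two
END:VCARD
BEGIN:VCARD
VERSION:3.0
FN:Canary Three
TEL;TYPE=HOME:2025550163
END:VCARD
"""

# Constructed sample: text from the contact list in a downloaded data archive.
EXPORT_TEXT = "<td>Canary One</td><td>+12025550141</td> <td>x</td><td>(202) 555-0152</td>"

def digits(s, keep=10):
    """Reduce a phone number to its last `keep` digits so formats compare equal."""
    d = re.sub(r"\D", "", s)
    return d[-keep:] if len(d) >= 7 else None

def parse_vcf(vcf):
    """Return {normalized_number: name} for every TEL property in a vCard export."""
    out, name, tels = {}, None, []
    for line in vcf.splitlines():
        key, _, value = line.partition(":")
        # Drop parameters (;TYPE=...) and iOS group prefixes (item1.)
        prop = key.split(";")[0].split(".")[-1].strip().upper()
        if prop == "BEGIN":
            name, tels = None, []
        elif prop == "FN":
            name = value.strip()
        elif prop == "TEL" and digits(value):
            tels.append(digits(value))
        elif prop == "END":  # commit at END so FN may follow TEL within a card
            out.update({t: name for t in tels})
    return out

def synced_contacts(vcf, export_text):
    """Map each canary contact name to True if its number appears in the export."""
    seen = {digits(m) for m in re.findall(r"\+?\d[\d\s().-]{5,}\d", export_text)}
    return {name: num in seen for num, name in parse_vcf(vcf).items()}
```

Using contacts created only for the test, with numbers that appear nowhere else, keeps a match from being explained by some other source of the same number.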

I found this especially disturbing, as iOS is supposed to be the platform that gives users more protections than Android, yet it seems Facebook is still harvesting our iPhone contact data without granular control that would allow us to protect that information.

As an Auxiliary Officer with the Ohio Highway Patrol, I also have Law Enforcement personnel in my contact list. Those folks I am particularly careful about, and it sickens me to know that their information was pumped up to Facebook without my consent (and shared with God knows who else).

Facebook is also handing out our contact info to anyone willing to pay

Next, I reviewed my advertising data. Not surprisingly, Facebook knows all the ads I’ve clicked on (not many). But what is VERY surprising is the extraordinarily long list of advertisers who “have my contact info”. These are advertisers with whom I’ve never used the “login with Facebook” feature and to whom I’ve never granted access to my contact information. So, presumably, these are advertisers who have purchased my contact information, which includes my cell phone number, from Facebook. Because they certainly never got it willingly from me. I’ve never even heard of the vast majority of these companies. Probably explains all the telemarketing calls…

A partial list of advertisers who somehow have my contact info. Never heard of the vast majority of these.

I think Facebook has a couple of potential explanations. The first could be obfuscation. They could have buried something in some ToS somewhere that allows them to harvest my data, including call logs and contacts, even after I’ve rejected that permission.

Presumably they also told me they will sell my contact information to advertisers without my permission.

The second issue could be outright fraud. They could be fraudulently obtaining personal information (like our iPhone contacts) even after the user (in this case, me) has denied them access to do so.

In either case, shame on Facebook. Even if I give them the benefit of the doubt and assume I missed something buried in tiny font in a multi-page ToS, this kind of secretive data harvesting destroys user trust. At least tell us about it in an easily understandable way so we can make the choice.

Remember when Uber tried to track us even when not using the app and people lost their minds? This seems much worse.

But also, shame on iOS and Android for letting it happen. Everything Facebook is doing on their mobile app is entirely enabled by the Mobile OS.

Apple has always prided itself on protecting user privacy. At the very least, they should give us the option to select, at a granular level, which data we put on our iPhone gets shared with Apps. I’d imagine VERY FEW people want every new contact they put on their iPhone synced with all the apps on their phone and yet this is outside of their control.

I hope iOS, Android, and Facebook take the Cambridge Analytica fallout, and the recent revelations on Facebook's covert data harvesting, seriously.

I would ask them to enable granular privacy controls that allow us to explicitly decide what information is and is not shared, such as Contacts, Call Logs, SMS etc. iOS and Android could put such protections in place.

And they should. As soon as possible.

*Disclaimer: All of this research was done by me, mainly late at night over a weekend and has not been peer-reviewed. It is solely my opinion and any allegations made are just that — allegations that have not yet been proven.

Bryan Beal

Telco Solution Architecture at VMware / Aux Officer, Ohio Highway Patrol / Patent Holder / Views are my own