“Over the last few days there has been a constant scrutiny over Facebook having access to your SMS. Buried within the latest update for Facebook’s Android app is a feature that is causing growing concern among some users,” Kaspersky said in a statement today.
No immediate comments were received from Facebook.
Facebook is one of the companies that has been accused by US Whistleblower Edward Snowden of sneaking in to private information to help National Security Agency of US in spying at global level. The social media firm has denied that allegation.
The Facebook application at the time of installation on Android mobile phones seeks certain permissions and the updated version now asks users to allow it “Read your text messages (SMS or MMS)”.
The social media’s logic behind seeking access to SMS is that “if you add a phone number to your account, this allows us to confirm your phone number automatically by finding the confirmation code that we send via text message”.
The updated Facebook application now wants to “Read calendar events plus confidential information” which it justifies as it is required to allow “the app to show your calendar availability (based on your phone s calendar) when you re viewing an event on Facebook”.
Facebook sends code via SMS that has to be entered when a user registers with the social media website which in a way helps the company verify the authenticity of users twice.
“Two-factor authentication provides an extra level of security, so it’s good to see Facebook providing this option … As a final note, we’d urge people to carefully check the permissions requested by any app when you first install it,” Kaspersky Lab’s Principal Security Researcher David Emm said.
Kaspersky added the permissions also grants access to multimedia messages, for which reason is not explicitly given.
It expressed apprehension on the word ‘automatic’ used in the permission sought by Facebook.
“…the key, it seems to lie in the word ‘automatically’. Surely the app doesn’t need to do this automatically. Facebook could simply prompt me to type in the code manually. Or, at the very least, provide this option,” Kaspersky said.
It added that this may be an innocent feature “but in the light of growing concerns about online privacy, such an option would help to allay people’s fears”.
Facebook is reported to have 93 million users in India out of which 75 million access it from their mobile phone as of December 2013.
The permissions sought by Facebook are apart from similar permissions sought by Google’s Android platform in the name of Facebook.
The social media company on its website said: “Keep in mind that Android controls the way the permissions are named, and the way they’re named doesn’t necessarily reflect the way the Facebook app uses them. We realise that some of these permissions sound scary, so we d like to provide more info about how we use them.”
On the issue of permission sought by Android to access information and edit feature in user’s phone, Google has earlier said, “Its an app which you (user) have choice of installing.”
Facebook – with more than 1.2 billion users worldwide – is celebrating its 10th birthday amidst challenges of keeping its original base of young users with new innovative social networks coming to the fore.
The company was launched by Mark Zuckerberg on February 4, 2004, from Harvard University.