Anyone with a rudimentary knowledge of how today’s mobile devices work will know that nobody can just write software that takes control of the various features of an Android or iOS device without asking permission. Smartphones and tablets connect several pieces of hardware that can work together, such as the camera, microphone, speaker, and many features such as a contacts list or SMS messaging. However only the software can activate them and only the user can activate the software. The Android platform requires that when an app is installed, the user must be notified which of a certain list of the phone’s features it is going to need to access. For example when installing a car finder app that helps to locate where one’s car is parked, the user is notified that the app uses the phone’s GPS capabilities. An imaging app that plays with photographs will need permission to make use of the camera for obvious reasons.
In December 2013 a blog posting on the Huffington Post copied and pasted the permissions used by the Facebook Messenger app, which are not much different from the permissions of many of the most popular apps on the Android platform, and built around it a story to appeal to the tinfoil hat-wearing crew. With the terrifying headline “The Insidiousness of Facebook Messenger’s Android Mobile App Permissions,” the social media paranoia machine soon took over and the post has enjoyed recurring waves of panic-sharing as people rush to delete the app from their phones. A cottage industry has sprung up of people re-hashing the article with “This will terrify you” click-bait headlines in an effort to drive more traffic to their websites irrespective of the veracity of the claims. A cursory read of the post would make it sound like the app is spying on users without their permission. Readers are led to believe that the microphone and camera will be switched on by remote overlords at Facebook headquarters, spying on their private and intimate moments.
There is just one problem: it is not true. The microphone cannot be used until the user requests it, nor can the camera or any other of the phone’s devices be activated without the user directly invoking them. Yes the app requests permission to directly dial contacts, but only because the app offers the ability to call one’s contacts through the app and speak over Wi-Fi or the mobile network.
Technology giants like Google and Facebook have been entrusted by the public with a vast amount of control over people’s data. While this is the price we all agree to pay in exchange for “free” services, it is good that these companies are held to account. However the Facebook Messenger scare is unfair and founded on poorly researched journalism and sensationalist click-bait reporting. The offending post, written by a Sam Fiorella who exhorts users to delete the app “now”, has so far been shared on Facebook nearly 230,000 times. Many of those shares have undoubtedly been on the main Facebook app, the permissions of which are not much different from those of the messenger app.
One of the strengths of the internet is that it has made information easier to access and distribute, but a side-effect is that it is just as easy to disseminate misinformation. Misleading information travels particularly quickly when combined with gimmicks that take advantage of the public’s lack of technical knowledge, press the emotional buttons, and exploit people’s fears.
A message that is worth sharing is that if an article calls for action out of fear, it should be first treated with skepticism, fact-checked through reputable sources such as Snopes, and definitely not shared before getting a second opinion.