Oh, Facebook. All it wanted was to shift people to a new Messenger app, and conveniently extend its reach in the ways that people can use it to communicate (Phone calls! Synced contacts! Texts! Voice messages!) and people freaked out over its large number of very vague permissions.
According to Facebook’s help site, the permissions and an example of what they use the permission for is as follows — although they’re also careful to admit that the examples don’t reflect all of its uses of the given permissions, nor does the list it provides even account for all of the permissions that the Messenger app wants.
But here they are, directly quoted from Facebook:
- “Take pictures and videos: This permission allows you to take photos and videos within the Messenger app to easily send to your friends and other contacts.
- Record audio: This permission allows you to send voice messages, make free voice calls, and send videos within Messenger.
- Directly call phone numbers: This permission allows you to call a Messenger contact by tapping on the person’s phone number, found in a menu within your message thread with the person.
- Receive test messages (SMS): If you add a phone number to your Messenger account, this allows you to confirm your phone number by finding the confirmation code that we send via text message.
- Read your contacts: This permission allows you to add your phone contacts as Messenger contacts if you choose to do so. You can always stop syncing your phone contacts by going to your Messenger settings.”
Hmmm. Some of those sound an awful lot like the Rich Communications Suite (RCS) that is supposed to help mobile operators take back some ground from OTT players (coughcough) by tighter integration of things like SMS, presence info for contact lists, file-sharing, video sharing, group chat and other features.
But anyway, most of these appear to be related to service continuity and integration within an OTT app. Which I can recognize, as someone with familiarity with the mobile industry; so the ability to record audio doesn’t make me jump to “Facebook is going to wiretap my conversations!” (although apparently I can also opt to let Facebook listen in on my music and TV selections, which is a bit creepy).
I still haven’t switched to Messenger. Maybe it’s sheer contrariness at this point, since more than 50 of my Facebook friends have done so and other permissions — like being able to read, modify and delete information from my storage — only slightly raise my hackles. I mean, I do have the main Facebook app and that’s allowed to read my text messages as well as “add or modify calendar events and send email to guests without owners’ knowledge.” And I kept it even after the recent news that the company manipulated Facebook feeds to see how people responded.
There are lessons here for big data and privacy in relation to telecom. When do you ask customers for their permissions? Up front and in an all-encompassing way, so that they may balk at an enormous list? Or each time you want to add or change how you use their information, when the number of requests might turn them off? Consumers’ desire for control over their information isn’t new news. A 2011 eTrust survey on mobile privacy showed that 98% of consumers felt privacy was important for mobile devices and wanted more transparency and choices over how to share their data, particularly as related to advertising. Only 1 in 3 participants felt in control of their personal information on mobile, which eTrust said represented “a significant opportunity to build consumer privacy trust on the mobile platform through stronger protections.”
I don’t see the industry taking that opportunity, for the most part. On one hand, I do feel like my device security is getting better. I had never used the lock screen on my smartphones until I upgraded to the Galaxy S5 earlier this year. The fingerprint reader is so easy and so reliable that I hardly even think about it now, and that certainly protects my privacy in terms of anyone being able to physically access the contents of my phone. But when it comes to how often I am asked for permission to access information that feels unnecessary in regards to apps? That’s a whole different story. Does Pinterest really need access to my phone contact list and calendar?
As an Android user, I’m faced with a rather unpleasant all-or-nothing approach to app permissions. Some have gone so far as to call this approach “dangerous.” Apple, on the other hand, only asks for the permission when the user wants to use a function that requires the requested permission. This shifts the granularity — and the control — from the developer to the user. It radically changes permissions from OMG, Facebook will have access to everything I do with my phone, what are they doing with this stuff?!!? to Oh, Facebook, I want to send a picture and you’re asking for permission to take and send pictures? Makes total sense. Approved. Go on with your bad self, while I post my selfie. Asking for all permissions up-front makes sense from a simplification point of view — ask once and you’re done instead of asking with each function. But simplicity and transparency/control in this case are seriously at odds, and anyone who is interested in big data from user behavior should take note of the reaction that Facebook is getting. Meeting regulatory requirements for big data and privacy is one thing, but dealing with an increasingly aware (and perhaps slightly paranoid? And not entirely unjustified) public is another.
Messenger is still the top free app in the Play Store and the iTunes Store right now, so maybe this dust-up ultimately isn’t going to faze Facebook, even if they’re cringing at the reviews that slam them on the privacy aspect. My guess? Or maybe just a hope. I’d like to see Facebook update its main mobile application so that users can once again access their messages from a single app rather than requiring both Facebook and Messenger, and leave Messenger as an option for those who want the fancier, RCS-type integrated communications and are willing to accept the control trade-off — at least until their mobile operators offer the same functionality.
