Facebook Collected Call and SMS Metadata From Some Users’ Smartphones

Facebook app

Several Facebook users who downloaded an archive of their Facebook data in the wake of the Facebook-Cambridge Analytica scandal discovered this week that the social network’s mobile applications have been recording —in some cases— much more information than most people were expecting.

Logged information includes data on all phone calls made on the phone, the start time o each call, its duration, and the contact’s name. The Facebook app did not log phone calls to and from numbers not saved in the phone’s address book.

The app also gathered information on all sent or received SMS messages to contact list entries. Facebook did not record the SMS’ actual text.

The phone and SMS scraping behavior was confirmed earlier today by several users on Twitter, Reddit, and HackerNews, but also by this reporter, and an ArsTechnica journalist.

How to download this data and verify yourself

The reason why only now people have noticed this issue is because of the Facebook-Cambridge Analytica privacy scandal that erupted last weekend, and after which many users decided to deactivate or delete their Facebook profiles.

One option during the deletion process is that users can download a backup of all the data Facebook has gathered about the user.

This is the same data that users can download by pressing the “Download a copy of your Facebook data” link that has been recently added to the main Facebook account settings page.

Link in Facebook settings where users can download all their data

Facebook does not log calls and SMS metadata by default. Not all accounts that Bleeping Computer checked had this information stored in the Facebook account backup archive.

This data was only collected when users allowed the Facebook app to tap into the user’s contact list to find new Facebook friends using the phone numbers stored in the phone’s address book.

Reasons unknown why Facebook collected this data

It is unclear, though, why the Facebook app logged metadata for phone calls and SMS messages, as all the data it would need to discover new friends for a user’s account was in the contact list alone.

One “theory” would be that Facebook was gathering this information in an attempt to determine what are the people a user likes to keep in contact the most and prioritize updates from that person.

We were on a tight deadline with this story, but we have reached out to Facebook with a request for comment on the exact reasons the company was collecting the timestamps of phone calls and SMS texts and what was its purpose in the grand scheme of things. We’ll update the story if we get a response.

One of the Twitter users who spotted this weird behavior from the Facebook mobile app also created a Ruby script that analyzes the Facebook backup archive and creates nice summaries.

Summary of Dylan McKay script
Script output [Image credit: Dylan McKay]