Facebook new app update let them record sound & video from your phone, at any time, without your con

deleted

reply to post by karen61560


Could be only sound recording and everything you say is streamed to a database somewhere, your purse is always with you right?

reply to post by 0mage


Like i said before, "little knowledge is dangerous" because you clearly have no idea how permissions work. You failed to read the official Google primer on permissions for developers.

Understand the difference between dynamic and static declaration of permissions. Once you understand why static declaration of apps is important for security then you should have an idea of why it is not a good idea to install an app that claims to change dynamically permissions of other apps. This creates security loops holes in your android and all thanks to paranoia and lack of understanding. I should know because I have experience in computer programming and algorithm design.

If you don't want an app to run in the background just remove it from sync list, and stop its process, then limit number of processes to one. You don't need an app for that.

It is actually not that hard to develop your own task manager for android. Here is a Source Code (link) you can modify to suit your needs.

Originally posted by MrMaybeNot
reply to post by scoobdude

 

Old people and computers? Please look at the permission full wording again and think of the implications. It could have been adapted to the specific app need. If old people raise these questions than maybe they're right? I have no big worry for today or tomorrow. But it's a backdoor that could be used against us in the upcoming years. These people have long term plans, there's a reason behind everything and more often than not it's not the same reason they're selling it for.

Again, if you do not know what a PID is and/or how to stop it or other useful linux knowledge or think that rooting is "dangerous" etc then there is a lot to learn. Cameras are not just used for taking pictures. DVDs are not just used for movies. And there are more and better audio formats than MP3. your individual knowledge level is what will restric you from finding out what these permissions can and cannot do.

And then you have to move beyond the fact this is only control at a local level. Considering all phones made after 96 have gps they can easily find where you are. There is a reason why some manufacturers are chossing not to have removable batteries. There is software that can hide alot of your presence and there is others that can broadcast it.

My point is once you start to see more and more of the picture you will see that there are more and more ways you CAN protect yourself. I am not saying I agree with these app permissions for the app and so i offered a solution (use the mobile page). But I also see what they are trying to do with the app (merge the messaging part)

so please be more aware not more scared

reply to post by scoobdude


I know about computers, you may be right, but still, the app is allowed to use the camera and mic at any time, whether you are asking for it or not.

Originally posted by ziplock9000


Because the update allows for speech and pictures to be sent in that chat app.

So of course it will ask for those permissions.

Did you not read the update notes?

/sigh

Wrong! Nice try at sounding smug like if u know something but let ME.. enlighten YOU!

those permissions have been with the app since multiple previous version. how do i know? because i have the backup apk of ALL OF THEM!

i just spent the better half of my evening attempting to get to the bottom of this. ive installed pretty much all the facebook apps on and off the market and have done extensive testing with facebook's new update as well as the previous versions going back to 1.7.1.

now let me tell you... Those permissions are in there from 1.9.10 and there was no voice message service then. this update is just to cover their tracks with that as far as im concerned. so ur point is null and void. try again.

NEXT
the facebook app is as i theorized utilizing the camera app when the user activates the photo option. notice what happens when u tell it that u want to shoot video and not just a photo.. it switches completely over to the default camera app.

having disabled the permission for facebook to use the camera at any time without your confirmation does one thing and one thing only. removes the ability for the facebook app to do any image capturing via the gallery at any time. and naturally defaults to the camera app for picture and video. u can then shoot ur photo or video and select it as u normally would and it would upload to ur facebook page with 0 hassle using ur external gallery and camera apps. not a problem!

i have 2 camera apps, so naturally it asks me which one i'd like to use. and u know what. i like it that way. facebook's native camera access is denied. and if ever it tries to access my camera im going to have a nice popup asking me which camera id like to use.

i do not like the clauses "at any time" and without your consent" with facebook. with my camera app.. fine.. but not facebook. if it ever feels like using my camera or record audio.. it's going to have to ask me!

while i was doing all these installs and setups i noticed another thing, thanks to my firewall which adapted to each install. installing facebook for the first time it ASKS to read my contacts, to which i said.. NO don't sync. and guess what.. i get a notification that it tried anyway to read my contacts. if not for my firewall it wouldve. so ive also disabled that permission in my permissions manager so it wont happen again.

frankly i dont care if u or anyone else says "it's safe" for facebook to have such permissions on my device. the FDA said the same thing about GMO. i got a brain i use for myself and make decisions for myself. and my decision is to block access of facebook to any features that can be used maliciously and have them refer to an external app to do the job. that to me.. is excellent. i will NOT allow facebook direct camera or audio path access without consent at any time. i dont know what that means. but to be sure.. BLOCKED!

my facebook is now running with only 19mb memory usage. HA! top that.. ANYONE!i bet u everyone here has a facebook using about 100mb or more of their memory.

coupled with anonymous proxies and fake gps injection.. i am fcking invisible!

this video actually sums up everything discussed in the thread so far.

also.. while we're stating our credentials.. i come from a background of clearing viruses/worms and rootkits.. professionally! and without antivirus software. i know how to sniff them out. i also know all about rootkits and hidden filesystems.. the two when put together can literally never never never never get detected by ANY antivirus!

Originally posted by 0mage
also.. while we're stating our credentials.. i come from a background of clearing viruses/worms and rootkits.. professionally! and without antivirus software. i know how to sniff them out. i also know all about rootkits and hidden filesystems.. the two when put together can literally never never never never get detected by ANY antivirus!

edit on 20-1-2013 by 0mage because: (no reason given)

So you posted about have two apps and none as default. Those are the solutions people who are not willing to uninstall teh app need to get into their hands. But just saying the verbage is covering the behind (while true) falls right into the category of not pooping or getting off the pot. So be helpful not spread fear. awareness is one thing but acting like this is the end of the world is not.

things you can do:
1) write google/facebook and complain about the permissions
2) use an app to block specific permissions
3) use the mobile webpage where those permissions are not allowed (for now)
4) have no default app for the camera (does not fix the mic issue)
5) don't use facebook on your phone/delete acct etc
6) don't use a smart phone
7) just end your internet session now and forever.

What I am trying to say is people need to understand what they should be afraid of and HOW TO FIX IT. Like I said I do not agree with the way the permission is quoted but just making a big stink about that part only helps no one. Telling people because A cause B to happen you now have option X,Y and Z to remedy it. solution people, not more fear mongering.

how interesting, what happens if you live in a state where wire tapping is illegal, and you accidently record audio because it came on during a shoot out with cops in the area?

who gets screwed, google/facebook or you?

its funny about 6 months to a year ago many on tv news networks were saying reports say if you dont have a facebook people will look at you like you have something to hide, employers wont like it, they even had some wacko psycologist saying he believes serial killers would be people with out facebook pages, potential dates wont like it, but the past couple major incidents all these people had facebook pages, ironic?

or are agencies cherry picking people with facebook and profiles to set them up, and now they will record you when you dont know about it so they may pick up 5 years worth of you speaking, now they can add pictures and splice your voice into sentances and make you look like a REAL criminal heh.

reply to post by scoobdude


ive posted the solutions in my method of dealing with it.. i have 2 camera apps because one of them provides me night vision with ir led lighting. i could select one or the other and make them default.. but id rather not.

about making a big stink, that was hardly my intention.. but u know what. i think they deserve it. itll reach more ppl that way.

if u think ur safe with the browser u'd better check the permissions of the browser ur using as well. opera mobile browser currently:

reads system logs (for why?)
access coarse location (for what? it doesnt post ur location with anything u upload or post on the web so why does it need this info?)
requires the same camera permission facebook is requesting (and we know opera does not take pictures )

in addition to that, opera parses all traffic of users that use it's mobile browser thru a transparent proxy. and does not give u an option to not use it. this proxy, while arguable could speed up browsing by storing a cache of pages uve loaded.. can store alot more than just that if they have set it up that way. we have no way of knowing what they store.

the major point is.. these smart fones have been turned into and are being used as spy devices to monitor the population of the world right now. and there is more and more evidence supporting that every day! had i known this would make a stink i wouldve done more to make it stink even more. let ppl be aware of the possibilities and choose whether they dont mind the possibility that while they are taking a dump and browsing their fone.. some guy or girl in a computer room isnt oogling their private parts. or while skyping with their gf/bf someone could be listening in on their conversation.

the right to privacy is being removed for civillians while being incremented for the politicians. just as the gun debate issue.. which isnt really a debate at all.

the politicians that believe they should spy on everyone to avert a couple terrorists.. who they created in the first place with their policies.. should all kill themselves for such ineptitude to find a reasonable solution.

if ur going to use a smart phone, prepare to be logged and tracked in every way possible. we're just talking about 2 apps so far but this goes straight thru embedded into the android system and it's services. i hope my posts on this thread would give at least some an idea how to protect themselves without being too paranoid. we're not going to hamper the device's features unless we absolutely do not need said feature.

if u think ur safe with iphone or windows mobile.. think again. theyre all working together.. against you the consumer. u work hard and buy a device and they still want to tell u what u can and cannot do with it with threats of voiding the warranty if u do such and such. well ill tell u what. my device is mine. and i will do what i can to secure it and maintain my privacy. i will go thru every single app and subsystem and examine it's permissions and decide if i need that app to have that specific permission or not. and when im done im going to examine the source code of certain suspect apps.

it is pathetic what they are doing, the push for the cloud.. the sudden change in the android ICS 4.0+ which no longer allow u to store your contacts and access them locally without syncing them to your google account. demanding your information for the use of their service.

well we have options too:
we can install ad blockers like ghostery which will block every ad on your facebook and utube pages making them clean and also denying facebook the 2 cents they get from every ad displayed while ur browsing.. the ads themselves collect data on u!

we can root and install permission managers on our devices and lock it down from external access as best as possible. and android with its linux base is ideal for us to fight back for our privacy.

all the hype and cloud marketting is nothing but a persuasion attempt at having all ur data fully accessible to them without the need for hackers to hack into ur database or servers and personal computers. u wont be able to work on new inventions without them knowing... u wont be able to anything without them jumping on it to finish and patent it first.. or failing that.. come and take over your organisation.

Not even ATS is safe.. and they know it!

Originally posted by 0mage

if u think ur safe with the browser u'd better check the permissions of the browser ur using as well. opera mobile browser currently:

reads system logs (for why?)
access coarse location (for what? it doesnt post ur location with anything u upload or post on the web so why does it need this info?)
requires the same camera permission facebook is requesting (and we know opera does not take pictures

)

the major point is.. these smart fones have been turned into and are being used as spy devices to monitor the population of the world right now. and there is more and more evidence supporting that every day

I dont know if you know that accessing the camera gives an app permission to write to gallery or in other words, save pictures in gallery. Even in Windows phone or iOS, apps that need to store pictures in gallery need access to the camera. It is a layer of security. Any browser that will need to save pictures to the gallery (say from a website) will need permission to access camera.

Lets just keep conspiracies out of this one and try to understand how the system works.

And i still want to see your system log file. You might have inadvertently compromised your system or worse... damaging your phone

yes i do know that.. like i said.. it defaults to whatever other gallery app u have installed or asks u which app ud like to use to access the gallery. my aim is to restrict facebook and google apps which are using their "backdoor in plain sight" approach and convincing ppl that it is all safe.

we can leave my system log out of it. i can analyse it myself thanks.

id like someone to answer me some questions..

what does facebook require 14mb of code to do that other apps accomplish in as little as 106kb?

why am i forced to sync my simcard contacts to my google account before my fone recognizes them and makes them available for access in my phone contacts list.

why does opera need my location data?

why do these suspect intrusive apps not have an option to completely exit them as other apps do? instead these apps stay running once an account is tied to them. gmail/facebook/ google maps

i await ur answers from ur indepth knowledge of the android system and app behaviours.




also glad u took so long to respond.. ur not quite right about the camera permissions once more. disabling the camera access permissions on the camera app itself allowed the camera to function and write to the gallery, but it was unable to bring up the android default gallery to view the picture from within the camera app. but the picture WAS written to disk and saved.

so it is the same thing happening with the facebook app. disabling the permission disables facebook automated access to the gallery/camera apps and asks for ur permission to use one of the others.. excellent!

Originally posted by ziplock9000
*snip*

Picture from my Android TV box: (same thing was asked on my phone)
*snip*

edit on 18-1-2013 by MrMaybeNot because: resized huge pictures

edit on 18-1-2013 by MrMaybeNot because: (no reason given)

Because the update allows for speech and pictures to be sent in that chat app.

So of course it will ask for those permissions.

Did you not read the update notes?

/sigh

Did you not read the text? It doesn't say "in the chat app", but "at any time without your permission". If they wanted it only while you were using the chat app, it could read something like, "At any time that you are using the chat app." That isn't what is stated. The only reason to state something so broadly and pen-ended is because there is more than one purpose.

Originally posted by 0mage
id like someone to answer me some questions..

what does facebook require 14mb of code to do that other apps accomplish in as little as 106kb?

Check out this Link to catch a glimpse on how complex the index page of Facebook is interms of PHP code. Facebook is purely a database application and as such will have many written calls to various tables or databases and many statements to check whether each call was successful or not. After these calls, Facebook has to bring together that information to display it. Lets no forget that the app also will need to know your location so it can use the closest server to your location (so the app can appear to be faster), and it is my hunch that their compiled code includes databases of their servers and routing maps which could inflate their apk file.

For example, this site approximates the number of facebook servers to be around 180,000. Now assume each server calls are roughly 70bytes long. Then total bytes for 180k servers is 12.01Mb.

Originally posted by 0mage
why does opera need my location data?

For the same reasons as above. If you were flying from china to Canada, would you still want Opera to still route your requests through china or via closest servers to you in Canada?

Originally posted by 0mage
also glad u took so long to respond.. ur not quite right about the camera permissions once more. disabling the camera access permissions on the camera app itself allowed the camera to function and write to the gallery, but it was unable to bring up the android default gallery to view the picture from within the camera app. but the picture WAS written to disk and saved.

Don't do that again or you will brick your device. check your system log files and see check how many fatal errors your system has.

reply to post by LiveEquation

bricking my device is fine. its a project fone. purely for all the experimentation im performing. however.. i can repair bricked fones. its not a big deal. my fear factor is 0.

well maybe that is so about the database of servers but do i really need all that crap bloating my app? strange thing is that the other apps load just as fast as facebook and even faster without that hypothetical database installed. its rather strange that a 100kb app can achieve all the same functions including push notifications.

i also thought dns servers and the isp ur connected to the internet with would handle routes to addresses on the internet to find the nearest and available ones. opera doesnt really need to know a thing. especially since it routes everything to its 141 proxy.

i didnt learn to turn on a pc yesterday. my knowledge of technology is formidable. as u may soon discover.

however.. i find it interesting that u are supposing.. that is to say.. u arent sure without a shadow of a doubt that the fb app requires such an exhorbitant filesize to store its database of servers.. yet u seem absolutely certain that there are no easter eggs which assist in government and isps spying on their users.

and actually i did deny my camera those permissions twice today already. just before posting the previous post i did it again to confirm the behaviour. fone seems fine.

facebook, gallery and camera app are regular apps that run on the android platform. theyre not necessary for the functioning of the device and can be uninstalled and replaced completely with alternative apps if u so desire. the functions are in the hardware that is present.. any app that is coded to access the hardware and features will perform the same task. apps that previously linked to the native app to access its feature will just access the list of applications that can access that hardware and ask u to select an alternative app. unless of course u dont have one installed.

i can completely uninstall the camera app without bricking my device. regardless of whether it is a system app.. it is not a critical system app.

it sucks that the newer phones now have a non servicable battery, meaning you cant take the batt out. so at anytime the device can be remotley turned on and permissions allowed without user knowledge..

If your device is "rooted" there is a program called LBE security (which i am in no way promoting) i am just simply telling users there are programs designed to protect your security. it is a free app on google play, which allows you to deny permissions to any app. it also shows you the current permissions of all apps on the phone which you can select and deny. or make it promt you when a prgram asks for premissions. since i put it on my droid i have noticed several programs asking for phone records and sms records. the funny part is the nature of the programs that ask for these permissions have nothing pertaining to needing them at all. protect yourselves from big brother..they are watching.

reply to post by dirtybird


i didnt like the idea of a non serviceable battery but ive grown used to it. my droid4 (fantastic device) has one but it really isnt that big of a deal to swap out. it's wired with contacts at each end which means if u really wanted to.. it wont be that hard to mod a switch unto one side that can break the connection and turn off the fone just as removing the battery. a nice small switch can be stashed somewhere under the back cover.

Originally posted by threewisemonkeys
You can spin it any way you like but all it says is the app wont ask your permission should you decide to, for example, take a photo directly in app, as opposed to uploading from your Gallery. Likewise with voice. It's called integration. Users don't want to receive an on screen prompt at every button press just because a permission is required. No different from the Camera app opening right up instead of asking you if its ok for the camera to be accessed by the app first. You'll find permissions like this on virtually every Android or iOS app that requires access to those functions. Don't like it? Don't install the app.

Facebook is extremely invasive. Even the big geeks who talk at IT conferences talk about it. There is definitely a privacy rights issue. They know they are doing it and they are doing it because they can.

what facebook looks like when hes behaving like a good little boy. hair trimmed and wearing a tie.. all features still work including push notifications. makes me wonder what it needed more than 100mb of my memory to do previously.

s7.postimage.org...

as with the code of conduct with any unix based system or security analyst's advice. dont install what u dont need and dont apply unnecessary permissions.

14mb memory usage. now that's more like it.

after delving a little deeper and removing a few more verizon bloatware apps my overall memory usage is at half point. 412mb free out of 840mb as reported by app manager.