There has been a rather large outcry by people this week about the permissions used by the Facebook Messenger app. Nothing has really changed about it recently. It’s the same it always has been, more or less. Except, someone with a little knowledge read the requested permissions list, and freaked out. There really is no cause for concern over it. Yes, a malicious app could use these same permissions to wreak havoc, and yes, you should always review the permissions used by an app and ask yourself, “Why would it need these?” But keep in mind, that from the coding side of things, you have to request permission for nearly every small thing that happens that isn’t involved with information that is pre-packaged with your app.
Here’s a run-down of the requested permissions as of 2014/08/09:
find accounts on the device, read your own contact card, read your contacts, approximate location (network-based), precise location (GPS and network-based), edit your text messages, receive text messages, read your text messages, send SMS messages, receive text messages, directly call phone numbers, read call log, test access to protected storage, modify or delete the contents of your USB storage, take pictures and videos, record audio, view Wi-Fi connections, read phone status and identity, receive data from Internet, download files without notification, run at startup, prevent device from sleeping, view network connections, install shortcuts, change your audio settings, read Google service configuration, draw over other apps, full network access, read sync settings, control vibration, change network connectivity.
Notice that most of these items are emboldened. The ones that are listed in plain text are the permissions that are NOT also required for the standard facebook app. So, only sending, receiving, and editing your text messages are specific to this app. Why would it need those permissions? Perhaps, because it can be used to manage your text messaging so that you only need to use one messaging app.
If we take a look at the permissions requested for the Facebook app, they include all of the bold entries from the list above, and also these:
retrieve running apps, modify your contacts, read calendar events plus confidential information, add or modify calendar events and send email to guests without owners’ knowledge, write call log, adjust your wallpaper size, create accounts and set passwords, toggle sync on and off, draw over other apps, expand/collapse status bar, change network connectivity, set wallpaper, send sticky broadcast, read battery statistics, reorder running apps, connect and disconnect from Wi-Fi
So, if you are going to stop using the messenger app just because it requests the capabilities that it does, then you should stop using the main Facebook app as well. Although, we all know that won’t happen.
This latest wave of facebook fear has been due to articles like this one. There really isn’t anything to be afraid of. To address some of the more scary-sounding requirements: contacts and location are pretty obvious, since it can add and merge facebook contacts into your phone, and you have the option of including your location in chats and posts. Text messaging has already been covered. The ability to call numbers is so that you can call someone just as you can from your stock messaging app. This is more just a convenience thing for the user. It doesn’t secretly hide a call in the background. Your regular phone call app will pop up. Testing accecss to protected storage is not as bad as it sounds. Protected storage is the memory area in which things are stored for that app, which cannot be accessed from other places. So, it is just testing that it can read its own allocated memory area. Pictures, recording audio, using the internet, running at startup, vibration and sound control. All perfectly normal for an app that access all of its content via the internet and alerts you to it.
There is nothing to worry about. No one is spying on your through your facebook app. Well, facebook isn’t intentionally using it to spy on you. Well, not in the way that you are thinking. They aren’t trying to secretly make calls on your phone and read your contacts. All the permissions are easily explained you have nothing to worry about when using it except for the same privacy and security concerns of the main facebook app.
UPDATE: It has also been brought up that a bigger issue isn’t what the app is capable of doing, but rather that it is going to be required in order to use facebook messaging on a mobile device. Most people already use it, but for some, it’s just another icon, another running app. While it may be an annoyance, especially for those trying to maximize battery life, it is ultimately up to the company how they want to implement their services. It could be that running messaging through the normal app is part of its bloat, and by splitting them, it can have a more streamlined service. Google does similar things with Hangouts and G+. You can always sign out of messenger whenever you aren’t using it. Subscribe to text-based alerts and then open and sign into the messenger app when you want to use it. Or perhaps the Facebook app will offer at least a message alert, which then can open the messenger. These are all workarounds, but at least it’s an alternative.