Whew. This whole Facebook data mess sure is spiraling into quite the fiasco, isn't it?
Seems every day lately, there's some new shocking twist to how everyone's personal data was used (and abused) without their knowledge. While much of the issue revolves around Facebook itself and practices that are out of our control, there's an angle that ties in directly to Android — and it's one that's important to think through, whether you use Facebook or not.
I'm talking about the recent revelation, amidst everything else, that Facebook was keeping long-term logs of all calls and messages made on Android phones with its Messenger and Facebook Lite apps in place. Facebook now says it's scaled back its collection of such data, but the very fact that the company was accessing and storing that much personal info — often from users who were oblivious to the fact that anything of that nature was going on — is certainly eye-opening, to say the least.
As the wise scribes over at Android Central explain, Facebook wasn't technically doing anything wrong with this action; it was simply taking advantage of Android's older, pre-2015 permissions model, which presented users with a sprawling list of take-'em-or-leave-'em permissions every time a new app was installed. The newer setup — introduced with 2015's Android 6.0 Marshmallow release (though apparently used by Facebook only since mid-last-year, as noted by the AC crew) — presents permissions on a case by case basis as an app needs them and then lets you accept or deny individual permissions as you see fit.
So now, if Facebook or any other app wants access to your contacts, phone data, messaging data, or anything else, it has to explicitly ask for that — and you can approve or deny it (and then keep using the app either way).
The cold, hard truth, though, is that even in this new and improved scenario, we've all been guilty of blindly accepting some app's permission request without really reading it carefully or giving it much thought. It's the old "terms of service" reflex: When you're in the midst of a task and some pop-up appears, your first instinct is usually: "Yeah, yeah, whatever — get out of my way." And that can mean you end up granting an app permission to something you might not actually want it to have.
But here's the good news: Android in its current state makes it incredibly easy to pull up common system permissions and see which apps have access to them. From there, all it takes is a single tap to take an app out of the list and cut off its access entirely.
Given everything that's going on with Facebook right now, it seems like a fine time for all of us — Facebook users or not — to take a few minutes to revisit our Android app permissions and make sure we understand exactly which programs have access to which types of information. In this domain, after all, the power is in our hands.
Checking your Android app permissions
Assuming your Android device is running Android 6.0 or higher — which most reasonably recent devices are — here's all you have to do to dig into your app permissions and see what's accessing what:
1. Open up the Apps & Notifications section of your system settings. (If your device doesn't have a section with that exact title, find the closest equivalent.)
2. Look for a line labeled "App permissions" and tap it.
3. See all those different categories? Those are the types of permissions you've granted to apps on your phone over time.
4. Tap on "Phone" to see which apps are authorized to manage your various phone-related functions.
Now, I wouldn't monkey around with system-level items like Carrier Services or Google Play Services, as taking access away from those sorts of things can cause important parts of your device to stop working the way they should.
But if you see something in the list like, say, Bank of America or Pandora and you think: "You know, I'd just as soon not allow that app to have access to the voice calling area of my phone" — go ahead and deactivate the toggle alongside it. The worst that'll happen is that the app will ask you for the permission again the next time you try to do something for which it's required, and you can decide then if you want to give it back or not.
5. Look through the other categories of permissions — particularly ones like "Contacts," "Location," and "SMS" — and carefully consider each app that's been approved for that category and whether you actually want it to have that access (and also what sort of functionality you might lose if you remove it).
6. Set yourself a reminder now to revisit this every six months or so. At the very least, it can never hurt to be aware of what's happening on your phone and what types of permissions you're allowing third-party programs and their owners to have.
Once it's out there, we may not be able to control every aspect of how our data is used — but within the realm of Android, at least, we can control what types of info apps on our phone are and aren't able to see. And as the current Facebook mess reminds us, thinking through such matters before they become concerning can never be a bad idea.
Sign up for JR's new weekly newsletter to get this column along with bonus tips, personal recommendations, and other exclusive extras delivered to your inbox.
[Android Intelligence videos at Computerworld]