Facebook’s Messenger App Has More Spyware Than Products Designed Specifically For Surveillance

Giuseppe Macri Tech Editor
Font Size:

Facebook was the recipient of sharp criticism from Android users last month when the company released its new mandatory Messenger app, which collected an unprecedented amount of private information about its users — now it seems the iOS version for iPhone users could give it a run for its data.

“Messenger appears to have more spyware type code in it than I’ve seen in products intended specifically for enterprise surveillance,” security researcher Jonathan Zdziarski tweeted after digging through the app’s iOS binary earlier this week.

According to an email from Zdziarski to Motherboard, Facebook Messenger for iPhone logs almost all activity a user executes on the app, down to every individual tap, screen turn and time used. (RELATED: Facebook’s New Messenger App Can Invade Your Privacy, But It’s Android’s Fault)

“[Facebook is] using some private APIs I didn’t even know were available inside the sandbox to be able to pull out your WiFi SSID (which could be used to snoop on which WiFi networks you’re connected to) and are even tapping the process list for various information on the device,” Zdziarski said in the report.

On Twitter Zdziarski said he’d worked for companies that write surveillance software “that didn’t know this level of access was possible.”

Shortly after reporting his findings, the researcher got into a debate with one of Messenger’s programmers over Twitter about the reasons for and depths of the app’s data-gathering capabilities.

Developer Lucy Zhang did not respond to Zdziarski’s tweeted replies pointing out that Facebook could improve the app’s performance for users without tracking their WiFi locations, and that the company should fully disclose the details of the app’s tracking to users before installing.

“[A] couple hours of tinkering around isn’t going to provide any meaningful conclusions… but there is a lot of code that suggests Facebook is running analytics on nearly everything it possibly can monitor on your device,” Zdziarski said. “Ultimately it comes down to whether or not you trust Facebook not to take advantage of their position on your device to snoop on you.”

“The technical capabilities to do so are certainly there.”

Follow Giuseppe on Twitter and Facebook