Use an Android phone? Facebook likely storing very personal data and you never knew it was happening

Amid outcry over Facebook’s handling of third-party misuse of personal data, it was revealed over the weekend that Facebook has been collecting the phone metadata of Android users for years.

And if you have an Android phone and use Facebook, you probably never knew it was happening.

Here’s everything we know:

• Android Facebook users noticed what was happening when they downloaded their archived Facebook user data, apparently spooked by Facebook’s Cambridge Analytica scandal, according to Ars Technica.
• It was discovered Facebook stored very personal metadata, including call logs containing contact information, phone numbers and call lengths.
• The archived data also included similar data for SMS text messages, although the actual messages themselves were not archived.
• Part of the problem lies in a previous version of Android's operating system, which gave Facebook access to certain metadata by default. However, if developers used the old API to access data, they could bypass the update.
• Google, which owns Android, "depreciated" the old API last October. It appears that's when user data stopped being archived.
• It's not clear how long the data was being collected and archived.

Why does this affect only Android users?

Because, as the Verge noted, Facebook recently made a push for Android users to use its messaging platform, Messenger, as their default SMS client. Apple iPhone users, on the other hand, use iMessage. More from Ars Technica:

Facebook uses phone-contact data as part of its friend recommendation algorithm. And in recent versions of the Messenger application for Android and Facebook Lite devices, a more explicit request is made to users for access to call logs and SMS logs on Android and Facebook Lite devices. But even if users didn't give that permission to Messenger, they may have given it inadvertently for years through Facebook's mobile apps — because of the way Android has handled permissions for accessing call logs in the past.

How did Facebook respond?

Facebook responded to the problem on Sunday in a "fact check" blog post. They denied that they had been collecting the phone and SMS metadata of Android users.

Instead, the social media giant claimed the feature is "opt-in."

"Call and text history logging is part of an opt-in feature for people using Messenger or Facebook Lite on Android. This helps you find and stay connected with the people you care about, and provides you with a better experience across Facebook," the company said.

"People have to expressly agree to use this feature. If, at any time, they no longer wish to use this feature they can turn it off in settings ... and all previously shared call and text history shared via that app is deleted. While we receive certain permissions from Android, uploading this information has always been opt-in only," Facebook explained.

But according to Ars Technica, user experiences directly contradict Facebook's claims that revoking the permissions deletes the data. Instead, the tech news website says Facebook's "opt-in" feature was turned on by default and wasn't a separate option users had to trigger.

Ars Technica reported:

While data collection was technically "opt-in," in both of these cases the opt-in was the default installation mode for Facebook's application, not a separate notification of data collection. Facebook never explicitly revealed that the data was being collected, and it was only discovered as part of a review of the data associated with the accounts. The users we talked to only performed such reviews after the recent revelations about Cambridge Analytica's use of Facebook data.

Still, Facebook emphasized it never sold users' data.

"We never sell this data, and this feature does not collect the content of your text messages or calls," the company wrote.

What can you do to stop Facebook from collecting your data?

According to Facebook, Android users need to turn off the feature in their settings. Click here for Facebook's instructions.