Facebook wants to read users’ SMSes, confidential information: Kaspersky

03 Feb 2014

Leading social media company Facebook wanted to read SMSes and other confidential information of people on the Android mobile phone platform, cybersecurity firm Kaspersky said today, PTI reports.

''Over the last few days there has been a constant scrutiny over Facebook having access to your SMS. Buried within the latest update for Facebook's Android app is a feature that is causing growing concern among some users,'' Kaspersky said in a statement today.

The social network is one of the companies, which US whistleblower Edward Snowden had accused of sneaking into private information to help the US' National Security Agency in its global spying programme, the report said. However, Facebook has denied the allegation.

At the time it of its installation on Android mobile phones, the Facebook application seeks certain permissions and the updated version now asks users to allow it ''Read your text messages (SMS or MMS)''.

The logic behind the social media seeking access to SMS is that ''if you add a phone number to your account, this allows us to confirm your phone number automatically by finding the confirmation code that we send via text message''.

The updated Facebook application now sought to read calendar events and confidential information which it justified as it was required to allow the app to show users' calendar availability (based on users' phone's calendar) when they were viewing an event on Facebook.

Facebook users received code via SMS, that is to be entered when a user registered with the social media website, which in a way, helped the company verify the authenticity of users twice.

''Two-factor authentication provides an extra level of security, so it's good to see Facebook providing this option ... As a final note, we'd urge people to carefully check the permissions requested by any app when you first install it,'' According to Kaspersky Lab's principal security researcher David Emm, two factor authentication provided an extra level of security, so it was good to see Facebook providing the option.

He added by way of a final note users would be advised to carefully check permissions requested by any app when it was first installed.

Kaspersky further added that permissions also granted access to multimedia messages, for which reason was not explicitly given.

Expressing apprehension over the  use of the word 'automatic' used in the permission sought by Facebook, Kaspersky said, the key seemed to lie in the word automatically. The app did not need to do this automatically and Facebook could simply prompt users to type in the code manually, or at the very least, provide this option.

Kaspersky added, that this might be an innocent feature, but in the light of growing concerns about online privacy, such an option  would help to allay people's fears.

The social network is said to have 93 million users in India of which 75 million accessed it from their mobile phone as of December 2013.