Facebook’s permissions: Fast vs Official App (from Team2Soft via XDA)

Quote:
Originally Posted by BillTheCat View Post
Can you elaborate a bit on permissions and privacy differences between Fast and the FB app? One key reason I’m looking for something else is that Facebook has become way too intrusive with their new permissions, and I’m looking for something that protects me and keeps my data private.

Quote:
Originally Posted by klau1 View Post
Please educate me:

AFAIK, all 3rd party Facebook apps require permission to access any Facebook data. So the user would have to grant access to the all personal data on Facebook to this app (and the developer?) for this work to function.

Now since Facebook Official app already has access, the user avoids have to grant access to yet another party to his/her personal data.

If the above logic is correct, then it’s a matter of trade off between giving access to Facebook Official app to an ever increasing set of permission to data on your phone, or giving a 3rd party app access to your Facebook data.

Is this correct understanding?

I was led here by the XDA article “Yet Another Reason to NOT Trust “Trusted” Companies: Facebook Can Now Read Your Text Messages”
http://www.xda-developers.com/androi…text-messages/
which talks about how FAST is more conservative on security access, but if the above understanding is correct, it’s really just a trade off.

Is this right?

No problem! I will start with the app permissions.

Android app permissions

Fast:

  • <uses-permission android:name=”android.permission.INTERNET” />
    This is the main permission just to access to internet.
  • <uses-permission android:name=”android.permission.ACCESS_FINE_LOCAT ION” />
    This is a permission to get your gps position. It’s triggered only when you do a checking, I never check the position or have any analytic about where you are.
  • <uses-permission android:name=”android.permission.VIBRATE”/>
    For the vibration of the chat
  • <uses-permission android:name=”android.permission.ACCESS_NETWORK_ST ATE” />
    I use it to check if your phone is connected or not
  • <uses-permission android:name=”android.permission.WRITE_EXTERNAL_ST ORAGE” />
    This is used only to store the images and for data caching to save bandwidth.
  • <uses-permission android:name=”android.permission.CAMERA” />
    This one is triggered only when you open the camera view and take a photo.

Facebook app:
This app has access to these permissions:

  • Your accounts
  • find accounts on the device
  • create accounts and set passwords
  • add or remove accounts
  • Your location
  • precise location (GPS and network-based)
  • approximate location (network-based)
  • Your messages
  • read your text messages (SMS or MMS)
  • Network communication
  • view network connections
  • receive data from Internet
  • full network access
  • change network connectivity
  • download files without notification
  • view Wi-Fi connections
  • connect and disconnect from Wi-Fi
  • Your personal information
  • read calendar events plus confidential information
  • add or modify calendar events and send email to guests without owners’ knowledge
  • read your own contact card
  • Phone calls
  • directly call phone numbers
  • read phone status and identity
  • Storage
  • modify or delete the contents of your USB storage
  • System tools
  • install shortcuts
  • test access to protected storage
  • send sticky broadcast
  • read battery statistics
  • Your applications information
  • run at startup
  • retrieve running apps
  • reorder running apps
  • Camera
  • take pictures and videos
  • Other Application UI
  • draw over other apps
  • Microphone
  • record audio
  • Your social information
  • write call log
  • read your contacts
  • modify your contacts
  • read call log
  • Affects battery
  • prevent device from sleeping
  • control vibration
  • Audio settings
  • change your audio settings
  • Status bar
  • expand/collapse status bar
  • Sync Settings
  • toggle sync on and off
  • read sync settings
  • Wallpaper
  • set wallpaper
  • adjust your wallpaper size

Crazy. Just crazy. 

Facebook permissions.
Fast:
Fast asks for a lot of permissions because there is no way to access to your data or write a new object without them. The good thing is that the app does what you want to do and there is no background process that spies or catch your information. There is no analytic or hidden services. At the first installation the app asks if you want to post a status with information about Fast, but you can choose if you want this or not.
This is the list of permissions that Fast can ask you (all are optional, if you need a feature you accept, otherwise you can decide to decline):

So, if you need a client that is triggered only by your actions, Fast it’s your choice. The app doesn’t have any control on your sms, contacts, phone data and status. It’s not connected to any spying web services and there are no logs or personal information that are sent to me. I have no idea who is using Fast, what the user is doing. I just have Facebook data about active monthly user, geographical stats (only countries percentage), language and stats about how many api calls are made + api errors.

Facebook App:
The thing with official app is that you can’t decide what permissions you can give to it, because it’s official and it can do everything. If you loose your phone and you don’t have the proper security level, everyone can do everything on your FB account with the Fb app.
Moreover, you don’t know what kind of analytic, hidden services and hidden processes are on the app. You have to give so many android permissions that you literally give the app a full control of your phone.

I know that I am no one, and it’s hard to trust, but Fast is here from almost 2 years and people trust my app. You can check the ratings and all the discussion here, I am always open to change the app, follow feedback and fix everything. My motto is to be transparent and always open to accept critics and new ideas.
If someone needs more info, feel free to write here!!

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s