back to article 'Facebook takes data from my phone – but I don't have an account!'

Anyone who uses the Facebook phone app knows what a toll it can take both on your mobile data and free time to be plugged into the social network through your device. But what happens if you don't even have an account, you can't remove the app, and the social network won't leave you alone? That's a problem facing folks around …

Page:

  1. Anonymous Coward
    Anonymous Coward

    Hidden .facebook_cache folder

    Started to noticed a hidden .facebook_cache folder containing journal entries. That never happened before! Note, we've never used Facebook... My SO is forced to use WhatsApp for work though.

    1. Anonymous Coward
      Anonymous Coward

      Re: Hidden .facebook_cache folder

      Where is it? I do have WhatsApp but I don't have any FB app installed, and I can't find it.

      1. Anonymous Coward
        Anonymous Coward

        'Where is it?'

        What's the path to this folder, you mean?

        Its located in the root of 'Internal Storage', right next to the default location for DCIM (photos / videos). Connecting the phone to a PC via USB shows the folder. Its not visible on the phone otherwise, due to the period at the start of the filename.

        The folder along with its files are getting created periodically, possibly around the 3rd week of every month (now)... What's in the files? No idea, they're encoded. What are the filenames? They're mostly obscure but two of them end in 'unknown', and the only other standout one is called 'Journal'...

        Anyone else seeing this? .... Any idea what these are? This phone has never had Facebook ever. Its Android v4. Every single slurpable app has been long disabled, except WhatsApp... Which was side-loaded earlier this year...

        1. Tony Paulazzo

          Re: 'Where is it?'

          WhatsApp

          If it's owned by Facebook, and you use it it, so are you...

          https://en.wikipedia.org/wiki/List_of_mergers_and_acquisitions_by_Facebook

          1. Anonymous Coward
            Anonymous Coward

            'If it's owned by Facebook, and you use it it, so are you...'

            Sadly, lots of workplaces are too useless to have proper infrastructure and so rely heavily on Gmail / Google-apps and WhatsApp etc. Especially educational institutes. Consider yourself lucky / free to escape this kind of oppression! But make sure you're not friends or have family linked to anyone in this situation sharing your cellphone / email with Suckerberg, or you're info is being hoovered up in Shadow Profile data too!

            1. JohnFen Silver badge

              Re: 'If it's owned by Facebook, and you use it it, so are you...'

              " lots of workplaces are too useless to have proper infrastructure and so rely heavily on Gmail / Google-apps and WhatsApp etc. "

              Mine is one of these (except WhatsApp). So what I do is use them -- but only on company computers, and only for company business.

              I don't allow any of my personal machines or devices to communicate with company equipment or services.

            2. StargateSg7 Bronze badge

              Re: 'If it's owned by Facebook, and you use it it, so are you...'

              Luckily, I don't have this issue since we have OUR OWN Android OS which we rebuilt from SCRATCH which redirect's all IP requests and file open/save requests to sandboxed files which we can examine at ANY time to see where there are going and what is being saved.

              In a CUSTOM version of Android you just redirect ALL file open/write/read/close requests and ALL IPV4/V6 data rads/writes to custom memory locations and REMAP storage requests to custom files which can be moved and/or examined and/or deleted at any time!

              Any APPS we install will work as normal and since we even create our own version of JAVA/JS where we can ENSURE everything such as location data, hardware and BIOS access is simply STRIPPED OUT or redirected...It's actually not that hard to do and once your codebase is set you only need to update it whenever a new version of Android comes out.

              Yes! A "normal" company would NOT do that but since we ARE NOT a normal company, we have the coders and hardware tech engineers and gurus who can do stuff like that! We STILL use Facebook and many applications BUT it's on OUR TERMS ONLY since WE rewrote the Base Android OS, teh phone BIOS and the JAVA JIT engine AND the HTML5 browser engines from SCRATCH !!!

              1. Jamie Jones Silver badge

                Re: 'If it's owned by Facebook, and you use it it, so are you...'

                Who are "you", and where can we get your OS?

                1. Charles 9 Silver badge

                  Re: 'If it's owned by Facebook, and you use it it, so are you...'

                  And what do you do when you need to use an app that won't work unless the custom OS is signed by Google?

                  1. dbtx

                    I've no such problem yet but I suppose that I would duly forsake that God-forsaken app, and refuse to use it

        2. Anonymous Coward
          Anonymous Coward

          Re: 'Where is it?'

          I vaguely remember with Win95 with some form of early malware that would either create a file in the Windows directory.

          The way to prevent it was to create a folder with the same filename (complete with .EXE at the end) as the malware. The idea was that you can't overwrite a folder with a file, and so was safe.

          Not an Android person, but wonder if you deleted that folder and created a file with the same name it would bugger things up for FB?

        3. anothercynic Silver badge

          Re: 'Where is it?'

          Can you modify its permissions? :-)

      2. Jamie Jones Silver badge

        Re: Hidden .facebook_cache folder

        Try "sqlite3 dump <filename>" - (but not on the journal files)

        1. Anonymous Coward
          Anonymous Coward

          'Try "sqlite3 dump <filename>"

          Have Win7/Mint on Desktop. Steps for easy install of sqlite3...?

          1. onefang

            Re: 'Try "sqlite3 dump <filename>"

            "Have Win7/Mint on Desktop. Steps for easy install of sqlite3...?"

            Dunno about Win 7, I don't have one of those handy, and even for Mint I'm just guessing, I don't want to turn on my test Mint system just to look that up, but try this on Mint -

            apt-get install sqlite3

            Or try searching for it in what ever package manager you use on Mint, it'll be there. It might even be installed already, it's a common dependency for Linux packages.

            1. Jamie Jones Silver badge

              Re: 'Try "sqlite3 dump <filename>"

              Let us know if the mint suggestion worked!

              meanwhile, on mint, type "file FILENAME"

              that should show you what type of file it is, even without sqlite3 installed.

            2. Anonymous Coward
              Anonymous Coward

              'Let us know if the mint suggestion worked!'

              UPDATE:

              Thanks for the debugging suggestions guys. It seems I had Sqliteman installed for phonebook backups. However it didn't recognize the files. But File <filename> returned 256 x 256 PNG. Turns out they're thumbnails, like little Google-maps.

              CONCLUSION: Looks a lot like 'Location' Tracking-Data.

              Location Services are fully off, but of course on Android-4, there's no permissions. So WhatsApp could be logging cellphone towers like Google was caught doing recently.

              Interesting stuff, but terrifying too, if it turns out to be true. Will keep an eye in coming months and post again under the same original post title if things go down-the-rabbit-hole much further...

              1. Jamie Jones Silver badge

                Re: 'Let us know if the mint suggestion worked!'

                Please ping me if you have an update, or want to investigate further. I'm unlikely to notice any replies to this topic in the future (sucky El reg forums - how on Earth do people track replies on here?)

                The "-journal" ending implied to me it was sqlite3, but they were images.. Hmm. maps of your location?

                I don't have access to an android *phone* so can't check, but I can comfirm that at least until android lollipop you could grab the wlan mac, and the host mac on a tablet even without being granted the privileges "needed", so nothing would surprise me ( https://forums.theregister.co.uk/forum/containing/3520637 )

                Of course, the host mac is good as a unique id (if the 'official device unique id' is denied)

                Also, the wlan mac can be used to track you from their big database of snarfed wlan mac address.

                Incidentally, I worked out how to do this after accidentally stumbling on an app that had my precise location in it's config/data file - despite me never authorising it, or even having GPS (not really much point on a TV box!)

                Even some apps from "reputable" companies do this - it appears that the ad brokers follow no rules when it comes to what they'll try and grab... Don't they know unauthorised access is a crime?

                1. Anonymous Coward
                  Anonymous Coward

                  Re: 'Let us know if the mint suggestion worked!'

                  "my precise location in it's config/data file"

                  Any particular format? Presumably something fairly compact (in "number of bytes" terms)?

                  "The "-journal" ending implied to me it was sqlite3, but they were images.. Hmm. maps of your location?"

                  If, hypothetically speaking, I wanted an app to unobtrusively track someone's location, periodically saving/uploading a harmless-looking image (*NOT* something that looks like a map) with the location data hidden in the image using steganography or similar, for later analysis, might be an interesting approach.

                  Are there any samples of this 256x256 PNG file ? Has anyone looked at the actual contents?

                  1. Jamie Jones Silver badge

                    Re: 'Let us know if the mint suggestion worked!'

                    I'm getting confused - there seem to be 2 different anons posting here!

                    The format... It was just grid coordinates in text, not hidden.. It was part of a json or something. I've blocked all these ad slurpers on my router now.. .I'll see if I can find an example....

                  2. Jamie Jones Silver badge

                    Re: 'Let us know if the mint suggestion worked!'

                    Interesting idea, though location data can be transfered in 4 bytes.. It would be pretty easy to hide that somewhere, without uploading an image... Uploading an image would set my alarm bells off immediately! Have they got control of my camera?!

                    Ok, I found this. I wrote a script that deletes all the spying data files, but this is obviously one I missed:

                    44 -rw-rw---- 1 u0_a194 u0_a194 43043 Aug 27 2016 /data/data/air.SpaceZombies2/shared_prefs/Appodeal.xml

                    Look for "Appodeal.xml" in the shared_prefs folder of any app (you'll need to be root though)

                    This is a 43K file, starting off like:

                    <?xml version='1.0' encoding='utf-8' standalone='yes' ?>

                    <map>

                    ap>

                    <string name="banner">{&quot;status&quot;:&quot;ok&quot;,&quot;ads&quot;:[{&quot;status&quot;:&quot;mopub&quot;,&quot;id&quot;:&quot;YktV,,, etc.

                    decoding it gives a json file, uploading variables such as:

                    gender:

                    alcohol:

                    smoking: (how the f??? does it know that?)

                    Interestingly, it's also hacked other apps and uploaded their unique ids that were given to me, including: "admob, applovin, chartboost, inmobi, mopub, smaato"

                    The worst is this URL listed:

                    "url":"http://soma.smaato.net/oapi/reqAd.jsp?adspace=130015622

                    \u0026apiver=415

                    \u0026bundle=air.SpaceZombies2

                    \u0026device=Dalvik%2F2.1.0+%28Linux%3B+U%3B+Android+5.1.1%3B+R68G+Build%2FLMY48G%29

                    \u0026devicemodel=rockchip+R68G

                    \u0026devip=88.109.36.106

                    \u0026dimension=full_320x480

                    \u0026dimensionstrict=true

                    \u0026format=all

                    \u0026formatstrict=true

                    \u0026gender=m

                    \u0026googleadid=6d7d7151-9edf-4085-aa19-67726fd7dd1c

                    \u0026googlednt=false

                    \u0026gps=51.65765765765766%2C-4.0371868876609485

                    \u0026iabcategory=IAB95

                    \u0026kws=puzzle%2Ctools%2Cadventure

                    \u0026mraidver=2

                    \u0026pub=1001000335

                    \u0026response=html"

                    All those details were accurate at the time - as I said, I don;t even have gps on here, but if you look at the "gps" field, if you threw a hand-grnade at those coordinates, you'd blow up my sofa! (OK, slight exageration, but it's the coordinates of the playing field opposite!)

    2. Anonymous Coward
      Anonymous Coward

      host file?

      Does Android have a host file that can be edited to misdirect all things Facebook?

      1. Steve Evans

        Re: host file?

        It does indeed.

        Although you will probably need root to get to it, and if you've gone that far you could either remove the FB app, or install a ROM that doesn't come pre-infected.

        1. CrazyOldCatMan Silver badge

          Re: host file?

          Although you will probably need root to get to it

          Which reminds me - I'm going to need to replace my OnePlus 3 soon (it's getting a bit flaky - rebooting at random intervals - both on a stock ROM and on the custom ROM I use) and so I want to replace it. Requirements are:

          2 SIM slots (I don't want to have to carry a 2nd phone for work)

          Must be rootable (bonus if a custom ROM is available).

          Doesn't have to have a headphone jack, would be nice to be at least splashproof and have a good camera.

          Any ideas? I thought that the Nokia 8 looked like a vaguely good bet but I don't know how long they support their phones..

          1. Waseem Alkurdi Silver badge

            Re: host file?

            If it were me, I would go for another OnePlus (maybe a OP5).

            That's the only thing that checks all the boxes and has some support.

          2. Alan_Peery

            Re: host file?

            Sounds like you should look at the OnePlus 6....

        2. Alan Brown Silver badge

          Re: host file?

          "Although you will probably need root to get to it,"

          If you don't want to root your android, then Blokada will do the trick nicely. It's available on the F-droid store (banned from Google for obvious reasons).

          Incidentally, Facebook aren't the only spyware bunch coming preinstalled/unreovable. Slimy spamhaus Linkedin has their app bundled with Samsung Galaxy 9 phones and it's also non-disablable.

        3. population density

          Re: host file?

          Regarding Facebook app on Android, if you download a file manager such as ES File Explorer you can then click on Apps and Uninstall.

      2. e^iπ+1=0

        Re: host file?

        Does dns66 help if the device isn't rooted? Sadly, I am without the problematic face* apps to test.

        1. Sir Runcible Spoon Silver badge

          Re: host file?

          Back when I used to use a smart phone, I seem to recall installing a local VPN app that created rules every time another app wanted to talk to someone. It gave you the option of denying the flow - so if you have s/ware you can't un-install you could always try blocking the data flow.

          1. tel2016

            Re: host file?

            NoRoot Firewall?

        2. ACZ

          Re: host file?

          I'd definitely suggest giving dns66 (https://github.com/julian-klode/dns66) a tryt - it'll set itself up as a VPN on your phone so all traffic is routed through it, and then just black-hole ad sites. Don't know whether the domains the FB app is talking to are blocked by it, but it's worth a try. If the problem app is installed as a system app then you might have to go into the dns66 "APPS" settings and toggle it to show system apps since dns66 is set up so that traffic from system apps is (by defaut) not re-routed.

          If using dns66 then you can also get it to use a chosen DNS server, e.g. an ad-blocking DNS server.

      3. Alumoi

        Re: host file?

        Yes, it does. But you have to be root in order to modify it.

        And while you're at it, install a firewall, an adblocker and nuke all the crap that comes preinstalled.

        AFWall+ and AdAway do wonders for your peace of mind.

        1. jaduncan

          Re: host file?

          You don't have to be root to modify DNS66, it works via a local VPN.

          1. Charles 9 Silver badge

            Re: host file?

            But does it also work on system apps which can operate under it? Or the baseline OS itself?

    3. JohnFen Silver badge

      Re: Hidden .facebook_cache folder

      "My SO is forced to use WhatsApp for work though."

      Then your SO is using Facebook.

  2. Anonymous Coward
    Anonymous Coward

    scurrilous scumbags surreptitiously stealing shit.

  3. thesykes

    If manufacturers want to sell their souls to Facebook, let them, but the app should be installed as a normal app, not a system one. Not only does that mean they can't be uninstalled, but, it wastes storage on old versions of the app sitting redundant, if they are used and updated.

    1. Dan 55 Silver badge

      It's money. If Facebook paid high enough, at least one manufacturer would make the FB app the default launcher.

      1. Voland's right hand Silver badge

        If Facebook paid high enough, at least one manufacturer would make the FB app the default launcher.

        I believe that was done at least once. I recall something called "facebook phone" being shown at MWC a few years back.

        1. StripeyMiata

          HTC First - https://en.wikipedia.org/wiki/HTC_First

          Was a massive flop for what it's worth.

      2. cosmogoblin
    2. Voland's right hand Silver badge

      Immediate kill in our house

      Any Android device is used only after Facebook has been killed with extreme prejudice.

      1. It has an abominable level of access to your phone - more than google's own apps. I have dumped the permissions in human readable format before - have a read: https://forums.theregister.co.uk/forum/containing/3518874

      2. It used to go into a tailspin without you having an account and use 100% CPU in some versions. So disabling it was a requirement if you did not have a f***book account.

      3. Even if you do not have an account some versions still register as attempting to talk to mothership in an app level firewall in Android. So it is guilty of data collection until proven innocent even if you do not have an account and/or have agreed to Facebook terms. That as we all know is a GDPR no-no. I am eagerly awaiting the end of this month to unblock the "not uninstallable" factory f***book app on my phone for 5 minutes and capture its data profile. If it will be what I would expect it to be the Minuteman will start a final countdown for a 4% Turnover GDPR nuclear strike.

      1. Anonymous Coward
        Anonymous Coward

        Re: Immediate kill in our house

        @Voland's right hand; "it is guilty of data collection until proven innocent even if you do not have an account and/or have agreed to Facebook terms. That as we all know is a GDPR no-no"

        Indeed. Let's please, *please* hope those pathologically-contemptious c***s get metaphorically (#) hit by the GDPR in much the same manner as Joe Pesci was at the end of "Casino".

        (#) No comment on the suspicion that there are some people out there who *would* be happy to see this happen more literally to Zuckerberg!

      2. Bavaria Blu
        Stop

        Re: Immediate kill in our house

        Sure the GDPR only applies to personally identifiable data? I am not sure what data Facebook could collect which would be useful assuming no one is logged in. Perhaps you could use aggregated phone location to estimate footfall for retail outlets?

    3. Anonymous Coward
      Anonymous Coward

      If manufacturers want to sell their souls to Facebook

      rotfl, they're selling YOUR soul, not theirs. And the fact that "the app is installed as a system app, not a normal one" is EXACTLY there so that it stays there and you, an average mug, can't just delete it because you heard something-something-privacy-issue. You know, this free shot you get? If you need to go out to find a dealer, it's a hassle and plenty of reasons to give up before you find one. But if it's there, RIGHT IN YOUR POCKET...

      1. JohnFen Silver badge

        Re: If manufacturers want to sell their souls to Facebook

        "they're selling YOUR soul, not theirs"

        True. Facebook (et al) has no soul to sell. Nor ethics, or even basic human decency.

    4. paulll

      Yes, that!

      I've a Samsung tablet that's perpetually low on storage. I have 800Mb-ish of programs that I've installed on it...and over 900Mb of pre-installed crap that I would like to delete, but can't.

  4. Timmy B Silver badge

    I wonder if the same phone unlocked has the software pre-installed too? I'm suspecting that this is down to sprint rather than LG

    1. Anonymous Coward
      Anonymous Coward

      Nope it will be the phone.

      I've always by SIM free and this sort of shit is always pre-installed.

      We can only hope the time of reckoning has come and that governments* around the world start fining them in the tens of billions, rather than the millions.

      *as recently demonstrated, the UK is not worth the tech giants time. I'm talking about ones that actually scare the organisations, not ones with as much bite as a dead goldfish.

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020