Hidden .facebook_cache folder
Started to noticed a hidden .facebook_cache folder containing journal entries. That never happened before! Note, we've never used Facebook... My SO is forced to use WhatsApp for work though.
Anyone who uses the Facebook phone app knows what a toll it can take both on your mobile data and free time to be plugged into the social network through your device. But what happens if you don't even have an account, you can't remove the app, and the social network won't leave you alone? That's a problem facing folks around …
What's the path to this folder, you mean?
Its located in the root of 'Internal Storage', right next to the default location for DCIM (photos / videos). Connecting the phone to a PC via USB shows the folder. Its not visible on the phone otherwise, due to the period at the start of the filename.
The folder along with its files are getting created periodically, possibly around the 3rd week of every month (now)... What's in the files? No idea, they're encoded. What are the filenames? They're mostly obscure but two of them end in 'unknown', and the only other standout one is called 'Journal'...
Anyone else seeing this? .... Any idea what these are? This phone has never had Facebook ever. Its Android v4. Every single slurpable app has been long disabled, except WhatsApp... Which was side-loaded earlier this year...
Sadly, lots of workplaces are too useless to have proper infrastructure and so rely heavily on Gmail / Google-apps and WhatsApp etc. Especially educational institutes. Consider yourself lucky / free to escape this kind of oppression! But make sure you're not friends or have family linked to anyone in this situation sharing your cellphone / email with Suckerberg, or you're info is being hoovered up in Shadow Profile data too!
" lots of workplaces are too useless to have proper infrastructure and so rely heavily on Gmail / Google-apps and WhatsApp etc. "
Mine is one of these (except WhatsApp). So what I do is use them -- but only on company computers, and only for company business.
I don't allow any of my personal machines or devices to communicate with company equipment or services.
Luckily, I don't have this issue since we have OUR OWN Android OS which we rebuilt from SCRATCH which redirect's all IP requests and file open/save requests to sandboxed files which we can examine at ANY time to see where there are going and what is being saved.
In a CUSTOM version of Android you just redirect ALL file open/write/read/close requests and ALL IPV4/V6 data rads/writes to custom memory locations and REMAP storage requests to custom files which can be moved and/or examined and/or deleted at any time!
Any APPS we install will work as normal and since we even create our own version of JAVA/JS where we can ENSURE everything such as location data, hardware and BIOS access is simply STRIPPED OUT or redirected...It's actually not that hard to do and once your codebase is set you only need to update it whenever a new version of Android comes out.
Yes! A "normal" company would NOT do that but since we ARE NOT a normal company, we have the coders and hardware tech engineers and gurus who can do stuff like that! We STILL use Facebook and many applications BUT it's on OUR TERMS ONLY since WE rewrote the Base Android OS, teh phone BIOS and the JAVA JIT engine AND the HTML5 browser engines from SCRATCH !!!
I vaguely remember with Win95 with some form of early malware that would either create a file in the Windows directory.
The way to prevent it was to create a folder with the same filename (complete with .EXE at the end) as the malware. The idea was that you can't overwrite a folder with a file, and so was safe.
Not an Android person, but wonder if you deleted that folder and created a file with the same name it would bugger things up for FB?
"Have Win7/Mint on Desktop. Steps for easy install of sqlite3...?"
Dunno about Win 7, I don't have one of those handy, and even for Mint I'm just guessing, I don't want to turn on my test Mint system just to look that up, but try this on Mint -
apt-get install sqlite3
Or try searching for it in what ever package manager you use on Mint, it'll be there. It might even be installed already, it's a common dependency for Linux packages.
UPDATE:
Thanks for the debugging suggestions guys. It seems I had Sqliteman installed for phonebook backups. However it didn't recognize the files. But File <filename> returned 256 x 256 PNG. Turns out they're thumbnails, like little Google-maps.
CONCLUSION: Looks a lot like 'Location' Tracking-Data.
Location Services are fully off, but of course on Android-4, there's no permissions. So WhatsApp could be logging cellphone towers like Google was caught doing recently.
Interesting stuff, but terrifying too, if it turns out to be true. Will keep an eye in coming months and post again under the same original post title if things go down-the-rabbit-hole much further...
Please ping me if you have an update, or want to investigate further. I'm unlikely to notice any replies to this topic in the future (sucky El reg forums - how on Earth do people track replies on here?)
The "-journal" ending implied to me it was sqlite3, but they were images.. Hmm. maps of your location?
I don't have access to an android *phone* so can't check, but I can comfirm that at least until android lollipop you could grab the wlan mac, and the host mac on a tablet even without being granted the privileges "needed", so nothing would surprise me ( https://forums.theregister.co.uk/forum/containing/3520637 )
Of course, the host mac is good as a unique id (if the 'official device unique id' is denied)
Also, the wlan mac can be used to track you from their big database of snarfed wlan mac address.
Incidentally, I worked out how to do this after accidentally stumbling on an app that had my precise location in it's config/data file - despite me never authorising it, or even having GPS (not really much point on a TV box!)
Even some apps from "reputable" companies do this - it appears that the ad brokers follow no rules when it comes to what they'll try and grab... Don't they know unauthorised access is a crime?
"my precise location in it's config/data file"
Any particular format? Presumably something fairly compact (in "number of bytes" terms)?
"The "-journal" ending implied to me it was sqlite3, but they were images.. Hmm. maps of your location?"
If, hypothetically speaking, I wanted an app to unobtrusively track someone's location, periodically saving/uploading a harmless-looking image (*NOT* something that looks like a map) with the location data hidden in the image using steganography or similar, for later analysis, might be an interesting approach.
Are there any samples of this 256x256 PNG file ? Has anyone looked at the actual contents?
I'm getting confused - there seem to be 2 different anons posting here!
The format... It was just grid coordinates in text, not hidden.. It was part of a json or something. I've blocked all these ad slurpers on my router now.. .I'll see if I can find an example....
Interesting idea, though location data can be transfered in 4 bytes.. It would be pretty easy to hide that somewhere, without uploading an image... Uploading an image would set my alarm bells off immediately! Have they got control of my camera?!
Ok, I found this. I wrote a script that deletes all the spying data files, but this is obviously one I missed:
44 -rw-rw---- 1 u0_a194 u0_a194 43043 Aug 27 2016 /data/data/air.SpaceZombies2/shared_prefs/Appodeal.xml
Look for "Appodeal.xml" in the shared_prefs folder of any app (you'll need to be root though)
This is a 43K file, starting off like:
<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
ap>
<string name="banner">{"status":"ok","ads":[{"status":"mopub","id":"YktV,,, etc.
decoding it gives a json file, uploading variables such as:
gender:
alcohol:
smoking: (how the f??? does it know that?)
Interestingly, it's also hacked other apps and uploaded their unique ids that were given to me, including: "admob, applovin, chartboost, inmobi, mopub, smaato"
The worst is this URL listed:
"url":"http://soma.smaato.net/oapi/reqAd.jsp?adspace=130015622
\u0026apiver=415
\u0026bundle=air.SpaceZombies2
\u0026device=Dalvik%2F2.1.0+%28Linux%3B+U%3B+Android+5.1.1%3B+R68G+Build%2FLMY48G%29
\u0026devicemodel=rockchip+R68G
\u0026devip=88.109.36.106
\u0026dimension=full_320x480
\u0026dimensionstrict=true
\u0026format=all
\u0026formatstrict=true
\u0026gender=m
\u0026googleadid=6d7d7151-9edf-4085-aa19-67726fd7dd1c
\u0026googlednt=false
\u0026gps=51.65765765765766%2C-4.0371868876609485
\u0026iabcategory=IAB95
\u0026kws=puzzle%2Ctools%2Cadventure
\u0026mraidver=2
\u0026pub=1001000335
\u0026response=html"
All those details were accurate at the time - as I said, I don;t even have gps on here, but if you look at the "gps" field, if you threw a hand-grnade at those coordinates, you'd blow up my sofa! (OK, slight exageration, but it's the coordinates of the playing field opposite!)
Although you will probably need root to get to it
Which reminds me - I'm going to need to replace my OnePlus 3 soon (it's getting a bit flaky - rebooting at random intervals - both on a stock ROM and on the custom ROM I use) and so I want to replace it. Requirements are:
2 SIM slots (I don't want to have to carry a 2nd phone for work)
Must be rootable (bonus if a custom ROM is available).
Doesn't have to have a headphone jack, would be nice to be at least splashproof and have a good camera.
Any ideas? I thought that the Nokia 8 looked like a vaguely good bet but I don't know how long they support their phones..
"Although you will probably need root to get to it,"
If you don't want to root your android, then Blokada will do the trick nicely. It's available on the F-droid store (banned from Google for obvious reasons).
Incidentally, Facebook aren't the only spyware bunch coming preinstalled/unreovable. Slimy spamhaus Linkedin has their app bundled with Samsung Galaxy 9 phones and it's also non-disablable.
Back when I used to use a smart phone, I seem to recall installing a local VPN app that created rules every time another app wanted to talk to someone. It gave you the option of denying the flow - so if you have s/ware you can't un-install you could always try blocking the data flow.
I'd definitely suggest giving dns66 (https://github.com/julian-klode/dns66) a tryt - it'll set itself up as a VPN on your phone so all traffic is routed through it, and then just black-hole ad sites. Don't know whether the domains the FB app is talking to are blocked by it, but it's worth a try. If the problem app is installed as a system app then you might have to go into the dns66 "APPS" settings and toggle it to show system apps since dns66 is set up so that traffic from system apps is (by defaut) not re-routed.
If using dns66 then you can also get it to use a chosen DNS server, e.g. an ad-blocking DNS server.
Any Android device is used only after Facebook has been killed with extreme prejudice.
1. It has an abominable level of access to your phone - more than google's own apps. I have dumped the permissions in human readable format before - have a read: https://forums.theregister.co.uk/forum/containing/3518874
2. It used to go into a tailspin without you having an account and use 100% CPU in some versions. So disabling it was a requirement if you did not have a f***book account.
3. Even if you do not have an account some versions still register as attempting to talk to mothership in an app level firewall in Android. So it is guilty of data collection until proven innocent even if you do not have an account and/or have agreed to Facebook terms. That as we all know is a GDPR no-no. I am eagerly awaiting the end of this month to unblock the "not uninstallable" factory f***book app on my phone for 5 minutes and capture its data profile. If it will be what I would expect it to be the Minuteman will start a final countdown for a 4% Turnover GDPR nuclear strike.
@Voland's right hand; "it is guilty of data collection until proven innocent even if you do not have an account and/or have agreed to Facebook terms. That as we all know is a GDPR no-no"
Indeed. Let's please, *please* hope those pathologically-contemptious c***s get metaphorically (#) hit by the GDPR in much the same manner as Joe Pesci was at the end of "Casino".
(#) No comment on the suspicion that there are some people out there who *would* be happy to see this happen more literally to Zuckerberg!
rotfl, they're selling YOUR soul, not theirs. And the fact that "the app is installed as a system app, not a normal one" is EXACTLY there so that it stays there and you, an average mug, can't just delete it because you heard something-something-privacy-issue. You know, this free shot you get? If you need to go out to find a dealer, it's a hassle and plenty of reasons to give up before you find one. But if it's there, RIGHT IN YOUR POCKET...
Nope it will be the phone.
I've always by SIM free and this sort of shit is always pre-installed.
We can only hope the time of reckoning has come and that governments* around the world start fining them in the tens of billions, rather than the millions.
*as recently demonstrated, the UK is not worth the tech giants time. I'm talking about ones that actually scare the organisations, not ones with as much bite as a dead goldfish.
I bought a new UK Android phone a few weeks ago. I previously had two network-independent and SIM-free Moto G II, (of the dual SIM kind), which didn't appear to have a pre-installed Facebook app.
4G coverage in relevant areas is now much better than 3G (which was non-existent), hence I have upgraded to a behind the curve (ie affordably does what I need) Moto G 5S (sadly, single SIM - but the dual SIM was mostly because of poor coverage) phone, again bought as network-independent, again apparently no pre-installed Facebook app.
What am I missing ? Is the FB app there in my phones but hidden, or what?
(I don't speak FB or Android but on a good day can just about cope with Wireshark Classic, if that's any help).
Thankfully the Facebook-App can be uninstalled, and the Facebook-App-Installer and Facebook-App-Manager CAN BE Disabled (on the one I have - Alcatel). You can also disable and de-permission every obvious Google app. But not MTKLogger / MTKThermal / Regulatory & Safety (jrdcom???). The System-Updater also can't be disabled. Its far harder to see what's running vs Android-4 too. You have to enable Developer-Options, then go there each time to view Running Services etc.
However, after doing this, almost no functionality exists on the phone anymore unlike Android-4. You can't even view photos taken with the Camera. Planning to visit F-Droid soon to look for a Firewall to block the rest. Hopefully we can find less-slurpy App replacement too... Any recommendations folks??? Maybe there are enough replacement apps and we can block everything else that looks suspect. But overall, its a fucking joke...
What a choice... This industrial Slurp or a Feature Phone. Thankfully Signal works ok. Had to be manually installed of course. Something like that would never be installed by default, unlike Gmail/Facebook. It has had to be side-loaded too, to get around not having Google-Play anymore. That means having to download it off Signal's website directly, and manually checking the download integrity by using Java Keytool along with a sha256 check.... Oh boy, what a world!
I have been using dns66 for over a year now. Works great, and you can customize the block/exclusion list, or even add your own DNS servers. The only thing missing from it it's secure connection to DNS servers over HTTPS/TLS. Last time I checked there were a few folks on Github asking the developer to implement it.
In the shop, look interested and excited as you ask the salesbot what applications come preinstalled with the phone. Let them rattle off the list, demonstrating on screen as they go, then say with a disappointed "Oh.", "Well, I don't do any of that crap, and I don't want it preinstalled on my phone. Do you have one without all of that on it?"
And when they say no, thank them politely and walk out of the door. You might want to ask them if they earn anything from sales commission at some point.
unfortunately, your vision of a punter / salesdroid encounter is just a vision, because in reality 99.9% just grab the shiny-shiny and even if the droid bothers to mention the slab comes with fb preinstalled, that 99.9% think or say: "oh, that's GREAT, how convenient, THANKS!"
So, while I share the sentiment, it's got NOTHING to do with reality. And don't remember that the register and the readers and their views on privacy, while tthey / we count for, perhaps, 99.9% of views in this forum, are less than a 1% of that 1% of punters in the mobile phone shop, who MIGHT walk out because fb, etc.
Sadly, I'm not convinced that wasting the time of some poor sod on minimum wage at a british high-street shop is going to achieve anything - it's not like they're going to immediately ring up the handset manufacturer or Facebook to report that someone's been behaving like a douchebag!
Back to the subject at hand, and I was mildly disappointed to see that my V30 (bought unlocked from CW on the aforementioned high street) came with Facebook pre-installed and un-uninstallable. As a business-orientated phone, I was rather hoping the built-in cruft would be kept to a minimum...
If I want them, I'll install them.
This is why custom ROMs are so good (if you get a good one) - none of them come with the Google stuff and so you can choose the level of Google ownership that you want - there's a GApps package to suit all sizes.
I tend to start off with the minimum-sized one with Play Store compatibility and then add other stuff on as needed.
No Google, I don't need Gmail, or Hangouts, or Photos or Play Movies, or Play Music or any other shit you think is "essential"
You're using a "free" Google operating system that by definition runs with full system privileges. Do you really think that uninstalling a couple of apps will stop the slurp?
I'm quite shocked to see how many phones come pre-infected with this. I'm a long time Nexus and Pixel owner, so I guess I've had a sheltered and uninfected life.
It's been many years since I've allowed a FB app near my phone, I can't remember which update it was, but one of them pushed the permissions requests just a little too far and I said "nope".
So far I've managed to survive with just a mobile browser (although FB actively detect and nobble the website from the built in Android chrome browser and try to force the app - you just have top get a bit creative and install another browser, or customise the user_agent tag).
"I'm a long time Nexus and Pixel owner, so I guess I've had a sheltered and uninfected life."
... Other than all the Google crud. And it's got all kinds of "keep you informed" alerts enabled. If you don't want your phone constantly telling you which celebrity is dating whom and who won various sports events, you need to go through a painful process of individually shutting down a crap ton of feeds.
Fortunately neither Facebook nor WhatsApp seems to be installed here. Pixel XL here, with a Nexus 7 2nd gen and a now-broken Nexus 5x, all running stock. ... Well, except the broken phone, which doesn't run anything.
You are not paying for it, you are receiving a discount/subsidy for it.
Granted, the subsidy might be paying for stuff you don't care about (often things like storefronts and customer "assistance" that doesn't assist), but recognize that, all else being equal, installing stuff on new devices is a profit center for the sellers.
Computer Misuse Act 1990 s1:
(1)A person is guilty of an offence if—
(a)he causes a computer to perform any function with intent to secure access to any program or data held in any computer, or to enable any such access to be secured;
(b)the access he intends to secure , or to enable to be secured, is unauthorised; and
(c)he knows at the time when he causes the computer to perform the function that that is the case.
Section (c) might be an issue, but a simple letter can easily sort that.
That's a good point, I'd forgotten that there's no case law on whether a phone is a computer yet.
Does the Facebook app run on tablets?
Of course if it's a phone then data stored on it must be communications, and accessing them without permission is what put those gutter dwelling slimeballs from the News of The World in prison.
Maybe if someone could somehow convince The UK Powers That Be that Facebook promotes the use and/or sale of Kodi-related things?
The UK Powers That Be seem to have convinced the cops, trading standards, legacy media, etc, that anything Kodi-related is fair game (whereas flaming domestic appliances can be duly ignored by the authorities).
Has anyone mentioned internet.org yet? Not just a facebook phone, a facebook Web.
1984 had nothing on this. Nor Gilliam's Brazil, nor the original Max Headroom. This is the worst of all of them, and more. For what?
...in the microwave. Fuck Zuck & his ilk, it's *my* property & *I* will determine what runs on it. If I don't want a (anti) social media application on it then it doesn't get to be installed. If it's already there then I get to remove it. Don't like it? Tough fuck, it's mine. I'll rip that fucker out by the roots, salt the Earth, & pour acid over the ground to make sure that weed never takes root ever again. If I can't root my own damn phone then I'll toss the fucker in the microwave for 99:99 & cackle at the explosion. Then I'll go out & replace it with either a device I *can* root or a complete burner phone that can't run apps at all. Either way FartBook/InstaScam/Twatter/etc won't be installed on it & those nosey bastards can go fuck each other with an AI-ML-"deep packet inspection" routine.
*Cough*
Sorry for the rant & vitriol, but I very recently tried to buy a SmartPhone & was told that the (anti)social media apps could not be carrier removed. "Those are part of the phone, we can't remove them." Even if the customer specificly requests that they be removed as part of the device's sale? "Sorry, we're not allowed." Fine, then I'm not allowed to buy the device. I'll vote with my wallet & my wallet says that you can just go fuck yourself with that device. I tried other carriers & was told the same thing in so many different words. If I wanted the phone then I *had* to buy the apps that were part of the software loadout. They couldn't & *wouldn't* help me uninstal said apps "since that causes issues with updates". Bullshit. Fewer apps means an *easier* update, not a more difficult one. "You could try a third party ((Chinese)) vendor for a rootable phone!" Yes, but then I can kiss goodbye to any vendor supplied updates & thus rely on a *fourth* party software vendor for support. As if it's not already hard enough to get the device maker to support their own damned devices, now I've got to wait for someone else to update it instead? Yeah, that's not a recipie for disaster.
*Sigh*
Just one more reason I use a feature phone. No apps to keep up to date, to become security holes that suck out my private data, & that can't be uninstalled because the manufacturer decided to squeaze a bit more blood out of that stone. Just a phone that makes/takes calls, text messages, & is smart enough to have a built in screen reader for the blind. It'll have to do. =-\
"Just one more reason I use a feature phone. No apps to keep up to date, to become security holes that suck out my private data, & that can't be uninstalled because the manufacturer decided to squeaze a bit more blood out of that stone. Just a phone that makes/takes calls, text messages, & is smart enough to have a built in screen reader for the blind. It'll have to do. =-\"
Guess what? Facebook is in feature phones, too! Don't believe me? Try a country in southeast Asia like the Philippines.
But at what point, when you chose a phone with an O/S created by the biggest data slurper of them all did you stop to think that, just maybe, data slurpage might be an issue? I do have sympathy, but it seems a little disingenuous to knowingly choose an Android phone and then moan that your data is being surreptitiously gobbled up by Facebook and Google et al.
Not that my IOS device is any different I guess. I think we all fu**ed.
I bought a BB Keyone SIM-free as I have real problems typing on the virtual keyboard of most phones and having read the article and comments I decided to do a check. With the phone connected to a PC to reduce the places to hide I was unable to find any reference to Facebook so there is at least one option out there.
The shame is you cannot check things like this before you buy the phone and it is becoming ever more needful.
I also checked my BB keyone (I also cannot use a touch keyboard and prefer real one) - no trace of Facebook aside from WhatsApp. I remember installing it for communication with work colleagues, so it is not as if I can blame someone else. Thankfully I no longer need it, so it has been just removed.
Your phone is *your* phone so it is personal information. Grabbing location/... data is taking personal information. Did you consent to this ?
Yes, you did consent. Remember that first setup after unboxing your phone? When you had to accept all those agreements in order to be able to use your property?
Oh, you didn't read them, just pressed next, next, next, agree.
Did you even notice there are a lot of links to websites that have another shitload of legalese explaining why you must agree to sell your firstborn in order to use the phone?
"Yes, you did consent."
No, you didn't.
1, The fact that Facebook pillages your personal data is likely not disclosed in any of the agreements. It'll be some generic legalese mentioning "our partners" which fails to say what, who, and why.
2, If there is no option to disable the collection of data, it isn't valid to imply "informed consent" because there is no mechanism to grant or revoke said consent.
3, In this juridiction, even though it is never enforced, all those terms that you "agree to" are utterly meaningless. Why? Because it is something (usually a restriction or somebody granting themselves permission that you would not knowingly grant) that appears after purchase.
4, In a good few cases, YOU never even agreed. In order to claim a service charge for helping with setting up the device, the rep in the telephone shop will unwrap the phone, install the SIM, power it up, tap through all the agreements, then check the device is registered with the network (and charge you for it). [1]
So, yes, I'd like to see this nonsense tested in court. And I mean a real court, not an American one.
1 - My S7 is the first phone that I tapped on the agreements myself (it's my fourth Android). I made it quite clear that if there was a Facebook app built in that could not be disabled, I was handing the phone back. She didn't know. Her S7 had it but she didn't know if it was built in or if she installed it. So she went to check another and by the time she came back I'd already fitted the SIM, so she just let me do all the rest and - hey - no stupid charge and no baked in Facebook.
I'd like to believe the news of recent months would have more people refusing devices with Facebook, but when I glance at people using their phones at work I see the same distinctive bluish layout on each of them... Oh well...
5: If you disable an app, and it somehow manages to reenable itself AND install the updates you'd removed, then that's an arguable explicit removal of consent that they just rode roughshod over AND unauthorised modification of your pocket computer that just happens to make phone calls too.
Forget going after Facebook. Just go after the manufacturers and watch how fast updates start coming out.
What tool is used to capture this background feed on a cellphone? Or is it inferred though Wi-Fi router logs etc, if phone is tested that way. Anyone know? I'd like to repeat this test myself. Is there a mobile Wireshark etc?
I put a WiFi access point on an old fashioned Ethernet hub and run wireshark from a PC on the same hub.
That's not going to work forever but my new gigabit switch allegedly has a packet trace function, haven't tried it though.
I would root my phone and remove this and some of the other "system apps" that I do not want, however I still want to use my banking apps and as soon as I root they stop
I have a 2nd phone which is rooted and has all the various xPosed and cloakers, but while some worked for a bit (except BarclayCard), when I currently try them the all fail.
I have even asked that they add a "I accept this phone is rooted and any losses caused by this phone will not be covered by <name of bank here> and I am responsible"
I also pointed out that on an older phone running an old Android (4.4) it was probably so bad that it being unrooted and running a banking app was possibly worse than a newer root android version
No answers on any of those
If you're up for rooting you're probably up for community ROMs which will not usually have this crap in. Some ROMs also have microG GMScore (https://forum.xda-developers.com/android/apps-games/app-microg-gmscore-floss-play-services-t3217616) which allows you to dispense with Google Play Services. You can be rootless in this scenario and still use your banking apps.
I'm pleased to say that the Nationwide app doesn't ask for any naughty permissions and relies on good old 2FA for the stuff I told them. Unlike the TSB app which I will not allow on my phone. Currently as a new customer (guess why) I am rather impressed with their security and their IT, I just hope someone isn't about to tell me not to be.
One supermarket around here (in order to avoid lawsuits let's call it Carrefive) used to had an interesting system to get customers to join their credit card program: when you paid at the cashier they ask if you were going to pay with the Carrefive card. When you answered cash or another credit card somehow they would summon a lady who would try, very insistently, to make you join their card program.
After this happening to me five, six times in a row, I've asked them to stop it, not because it was annoying but because it was pointless since they tried several times in a short interval and I wasn't interested. I guess they stopped because I was polite and smiling all the time while explaining that it was annoying.
Back to Facebook: maybe they're monitoring you because you have a cell phone and is not a Facebook user? Some marketers are probably scratching their heads thinking about what to do. They'll send the goons soon.
And the hired goons wont be too upset if you send them back with a black eye. It's all part of the way they do business.
Though usually I just let them bruise their fists on me while I glare at them, until they give up and go away. Or my personal favourite if someone attacks me with a knife, I take it off them, hand it back to them, and say "here try again, that was the first lesson". Only once has anyone found out what the second lesson is.
according to Facebook's T&C's the under 13
That is a regurgitation of a specific USA law which has no legal standing in Europe.
Every European country has different definitions of age of consent, age of criminal responsibility as well as sometimes various additional ages/permissions you need to comply with.
Nearly all of them are NOT 13.
In most cases we are looking at 16 with a couple of countries being on the extreme of 18. Providing a service which involves processing personal data to anyone younger than that without explicit parental consent (in some cases of BOTH parents) in writing is illegal as per the laws of the countries in question.
This is one thing for which F***book, Google and other slurps should have been taken to the cleaners long ago. It is an open and shut case and they should have been found criminally liable and dealt with.
Unfortunately, in most countries the DPA is either in their pocket or sleeping at the wheel. Even when it is related to "thinking about the children".
^ This.
I've mentioned before that in my new (mostly unused) Facebook account, there are things (apps) listed in my advertising prefs that they really shouldn't know about - sourced from my phone. I do not have the Facebook app, nor Whatsapp, or any other Facebook crud on it, so something *else* has got that info to them. If I do the 'download your data' thing, there is no mention of those apps (it doesn't include your account settings, so no advertising prefs are included) - so I'm hoping a Subject Access Request might yield the mystery source.
(I do have a suspicion as to that source - and if I'm right, the ultimate blame lies with WileyFox and an update).
I'd forgotten all about Yandex Zen - I found out how to disable (or at least hide) it soon after it appeared. Looking now, I can't see any trace of it anywhere; I note the phone is on Android 7.1.2 so I wonder if WileyFox removed it in that update? If they did, it rules out Yandex Zen because I triggered a very brief change in the apps that show up in my ad preferences on Facebook a couple of weeks ago when experimenting.
But if not - if it's still there and I'm just not seeing it - then that could easily be the real answer.
My actual suspicion was TrueCaller - another piece of absolute crap that appeared in the same update as Yandex Zen, can't be disabled, and replaced a perfectly good contact manager/dialler.
Its privacy policy contains this gem:
"By accepting the TrueCaller Privacy Policy and/or using the Services you consent to the collection, use, sharing and processing of personal information as described herein."
However, since it was foisted on WileyFox owners with no real choice (short of rooting phones and dealing with it that way), there is no option but to consent. Further down, it says:
"When you install and use the Services, TrueCaller will collect personal information from you and any devices you may use in your interaction with our services. This information may include e.g." followed by a list that includes "applications installed on your device".
There is a new privacy policy coming into force on (you guessed it) 25th May - and in the installation and use section, it still says the same.
Under the circumstances, I can only read it as "Since you use a phone on which TrueCaller has been forced on you, TrueCaller will collect..."
Do they actually think people believe this twaddle?
Ensuring the most up to date version? Surely that would be better accomplished by allowing users to install the app direct from the store on the day they want it? Pre-installing something is a guaranteed way of making sure it ships without the most up to date version.
Bell ends.
"Facebook insisted to The Register that no personal info is being trafficked, only things like the operating system version and device type that Facebook uses to keep the app updated."
If the app is installed it will automatically update itself to the latest version.
"By having Facebook apps pre-installed, we ensure people have the latest version of the application installed on their device"
They have to have the app pre-installed as that's the only way they can be sure it's the latest version.
Would Zuckerberg care to explain the direct contradiction between those two?
I had to uninstall all Facebook apps from my phone last year - for the second time. Fortunately they where not part of the OEM installation, so I could do this.
The reason was that, even if I didn't use these apps, they drained my battery by midday. Without them I get a clear day off a full charge.
What was particularly unacceptable was that even if I force stopped these apps - when trying to keep some battery life for emergencies - they kept restarting. At this point it became a liability, risk, and safety issue to have them installed - regardless of their covert data slurping shenannigans.
I only buy phones and tablets where I can do these three things. Not only can I get rid of all sorts of crap that came with the phone (though rarer these days) I also "lose" access to all Google apps and their potential for doing mischief.
It should be made much easier for consumers to do this sort of thing... my parents could certainly not do that, so I have to do it for them.
Got links to help? Some Root tools are scary, operate out of China and phone home a million things. Its hard to trust anything anymore... How do you infer which models you can safely root without bricking them for starters? Its hard to know for sure etc. XDA Developers is/was a good site, but not foolproof anymore!
It depends. I am an IT professional and I would just not use locked hardware if I can help it. Case in point: I recently needed NTFS access for my tablet's USB OTG. No problem with root, just install NTFS-3G and couple of utilities and it's good to go.
As you implied it all depends all on the maker and the model. I had positive experiences with Samsung and Moto hardware... but I agree that it can be a minefield. As so often it boils down to the amount of money one is prepared to spend... after having been burned in the past I decided to concentrate on "known good phones". They are a bit more expensive (though a Moto G4 Play, say, won't break the bank at all) but I use them for a few years and the peace of mind over that period is worth it IMO.
I wondered if I should jump ship back to Apple. With all this shit going on with Android (and no I don't want to root the phone for the reasons already stated) I wondered if returning to the warm safe Apple Walled Garden would be better.
Then I looked at my wallet (physical thing with cash inside) and decided Nah.
That would explain how my Facebook account knows which apps are installed on my phone. Even though I've never used Facebook from my phone, and disabled the impossible-to-uninstall app, I had missed the "Facebook App Manager" app until recently.
Only 3 days left before asking some pointed questions...
See also my comment further up. They know about some apps on my phone without any of their crap being installed.
Facebook installed and slurping.
Never started it, not on any menus, where did it come from?
So uninstalled it.
My phone already has a decent messaging system on it and also a semi usable voice chat system.
However voice chat is clunky and not a patch on an old Nokia N8 I am trying to resurrect
I run an Android custom ROM (LineageOS 15.1), rooted, and on the back of this article I performed a search using Root Explorer for "facebook", expecting to find nothing - after all, I'd done many full wipes and haven't had a stock ROM for a long time. I was amazed to find around 30 references in various apps. I've nuked them - if the app fails because of a missing Facebook reference then it's not an app I want to use anyway.
The sooner this dangerous foul application is closed down the better. What a shame that so may people continue to sleepwalk towards 1984... (and yes, I do appreciate the irony of using a Google device).
As long as you have access to a PC, a USB cable, and can find drivers for your device, you can use adb to remove any and all bloatware from your device:
https://www.xda-developers.com/uninstall-carrier-oem-bloatware-without-root-access/
Most people with Android phones don't realise that adb can be used to do a number of things you'd normally need to be root to be able to do...
Caveat emptor - if you remove something you later realise you needed, it's entirely possible you might cripple your phone. It's probably a good idea to make a backup of the apk files you're going to remove just in case you realise you need to put them back on again!
"best experience on Facebook right out of the box"
Except that never happens. The version of the app baked into the firmware is ALWAYS obsolete. So now your phone wastes space on a duff copy of the app and even more space replacing it with the current copy.
And if you never use Facebook you're stuck with it and whatever it's up to, e.g. stealing your contacts and usage info. At best you can disable this junk and pretend it doesn't exist. At worst you can't.
It's not just Facebook either but often other social media apps, antivirus software, dubious network/manufacturer services and so on. All cluttering the UI, draining the battery and reducing the chances of firmware updates.
even though he doesn't have an account with the social network, isn't therefore logged in, and has repeatedly tried to turn off background data.
I guess it's transmitting:
he doesn't have an account!
he isn't logged in!!
he has REPEATEDLY tried to turn off background data!!!
...
Dial F-A-C-E-B-O-O-K
Hello, Facebook, what's your emergency?
[transmitting...]
The USA, starting with Obama, started canvassing countries around the world advising the use of Chinese cell handsets was a risk security.
To me it's more likely the risk was they didn't have American spyware so the Americans could stick their snouts into everyone's business.
Basic cell handsets are the best - their Design Optimisation process eliminates even GPS!
My smartphone has no SIM and the only added application is MESH radio. Eliminating all the back-chatter sure makes the batteries last longer.
QUESTION: Who pays for the airtime of all the surreptitious collection of data?
Would that it were so. However, while I can't speak for Huawei, I have seen two ZTE phones purchased by family members. Both had facebook installed by default. Fortunately, on one it was possible to disable it (though not to uninstall it) without rooting, and the other phone was dropped and damaged so I threw it away. Don't assume another country is far enough away to avoid these parasites.
It's not Google, as stock Android doesn't contain Facebook and allows apps to be disabled.
As this is a network phone, it's likely sprint are taking a bundling payment from Facebook. It could be LG, but their SIM free firmware doesn't have this I believe.
Time to name and shame the offending party...
This is a fantastic example of why I won't be buying any more Android smartphones. Currently, I can use mine in peace, but I'm less sure about newer devices -- and I'm getting tired of fighting this arms race anyway.
I'm getting off this train. Facebook, Google, and numerous other app developers have thoroughly and completely poisoned that well.
Microsoft bought SwiftKey, a default keyboard on many Android phones - it cannot be deleted on such phones. Yet SwiftKey send all key-strokes to Microsoft servers.
How can we get rid of SwiftKey??
https://en.wikipedia.org/wiki/SwiftKey#Privacy_concerns
I think the newer Sony Xperia phones all come preinstalled with Swiftkey; I played with some of them at a phone shop. Previously (a few years ago), the Sony phones only have their own Sony software keyboard.
Sony probably made a deal with Swiftkey (Microsoft), bundling the app for some cash kickbacks.
Sony probably also made a deal with MobiSystems, loves to preinstall MobiSystems' apps on Xperia phones. For example, File Commander.
Sony also had its own proprietary music recognition app 'TrackID'. It was continued last year and the users were 'encouraged' to switch to Shazam. I won't be surprised if Shazam is preinstalled on newer phones.
Depending on your telco and/or locality, the pre-installed crap and various other slurping shenanigans might get really insane. I'm not interested in rooting the phone or installing custom ROMs and voiding its warranty.
I have not purchased any apps, bought any microtransactions i.e. I'm not 'invested in the ecosystem'. All I need to do is port over my contacts and chat messages from Android to iOS and I'm done.
I have never used a microSD card despite my phone allowing me to use one, so I won't be missing that on an iPhone. The only thing that I need from Google on an iPhone is Google Maps, and I can get the app from Apple's app store.
With newer Android phones getting notchy and removing the headphone jack, there are fewer and fewer compelling reasons to stay with an Android phone.
I'm rather surprised at the blatant data gathering.
Yet, somehow, I suppose I shouldn't be, considering who makes it, and how the revenue stream is structured, etc, etc.
As much as I like to berate Android, I grudgingly understand why people pick Android devices, be it customization, compatibility, cost, etc etc. (There are some features I would like to see in Apple from a UI perspective)
Yet when things like this - I do feel far more comfortable on the iOS platform.
Sure, Apple doesn't have all the answers, and is absolutely annoying sometimes, but I prefer their attitude towards privacy, compared to Google/Facebook/others...
Flame away, folks, if you must
No flame from me -- but I also don't consider iOS to be an acceptable replacement for Android devices. The issues are different, of course.
I can't find a smartphone from any manufacturer that I can make acceptable from a security point of view and that can still do what I want from a smartphone.
Luckily only over WiFi not mobiledata. Until I sat on my Tizen Z3 and killed it, it used to download 13 MB of FBmessenger each day. In spite of it being standard practice to check if a new version is available by comparing against the currently installed version, it appears that the Tizen version of FBmessenger downloads and re-installs itself every day.
"By having Facebook apps pre-installed, we ensure people have the latest version of the application installed on their device, giving them access to bug fixes, critical security enhancements, and other new product features." --- what a load of B***cks! If they want to ensure you have the best user experience, they don't waste your data and processing cycles running and downloading stuff you are never going to use. If they want to do what they claim they should do the download the first time you are stupid enough to use their product.
My little pub-quiz group are all Wileyfox fans and we've come up against a bit of a problem.
It has Truecaller pre-installed. Now, I really don't like Truecaller so have never activated its services as such, but it handles all the call management.
Ahead of GDPR, we had to agree toTruecallers T&Cs or it locked us out of making calls. The "deactivate" function didn't work. Now I started looking into it on the day it kicked off, but as I'd witnessed a nasty accident, I had to agree to the T&Cs before I could dial 999 for an ambulance!
When bloatware limits a phone users access to the emergency services until they agree to new terms and conditions, there's a bit problem.
"Facebook insisted to The Register that no personal info is being trafficked, only things like the operating system version and device type that Facebook uses to keep the app updated."
What a load of crap. I've done some Android software development; Google Play's software developer portal ALREADY tells the developer what makes and models of phone or tablet have the app on it, OS version, screen size, RAM and storage specifications, and so on, and Google Play Store can already use this information for updates. It lets the developer specify to install different APKs (android packages) based on OS version, screen size, phone versus tablet, RAM, etc., as well (i.e. phone versus tablet version of an app, or a game where it may have smaller or larger textured depending on device capabilities.) Facebook's app has zero reason to send the info they claim they are sending; frankly, FB should not be getting **ANY** information from anyone who is not actively using their app.
Honestly, if I bought a phone and it had FB junk on it, I'd try to root it to excise that garbage. If i found it could not be rooted, that phone is going back to the store for a full refund.
"If i found it could not be rooted, that phone is going back to the store for a full refund."
I did this once, almost 10 years ago. I bought a new phone (under contract) from AT&T, and discovered that I couldn't root it, as the phone was so new that nobody had broken the bootloader security yet.
So I took it back to the store and returned it, telling the precisely why, and requested the older model of the phone which I knew could be rooted.
The AT&T salesdroid gave me no problems over this, and even mentioned that for any extra $200!) they sell a "developers" model of the same new phone. The only difference is the bootloader isn't locked in it.
That was the last time I bought a phone under contract, and the last time I bought a phone from a carrier.
"That is interesting because I have both Facebook and the Data Manager disabled on my Android phone. I am not sure if that actually helps but I am able to disable both."
Yeah, I think the difference is on your phone, they shoveled^H^H^H^H pre-installed these as apps. On the phones where this can't be disabled, they improperly stuck these on as SYSTEM apps. Since system apps are supposed to be performing important system functions, the GUI doesn't allow disabling them (most people wouldn't want to disable for instance the phone dialer or settings menu.)
I'm pissed off with my android phone constantly telling me that it's running out of memory and that I need to transfer apps and data to the SD card. Which has over 15 GB free. The phone would have enough left of its own 8 GB if it weren't for the plethora of installed apps that I can't remove. Why the frog would I want to watch video on a screen that small? I don't want the YouTube app but I can't get shot of it. I've no freaking idea what the Google app does apart from open itself spontaneously now and again.
I want a Linux phone that I have full control over with no apps and everything online accessed through the browser of my choice. Google, Sony and EE have more control over my phone than I do and that really pisses me off. I don't put up with Microshaft and HP controlling my PC...
in countries where you pay by the byte for data (@Telstra here in Australia, I'm looking at you) especially if the crap is pre-installed on a phone bought from the carrier who pays for that data? The user (was there disclosure?) or the carrier (have they zero-rated the IP/URLs this shit talks to)?
Pixel2 user (after a couple of Nexus devices) so not suffered from too many pre-installed apps (apart from the Google spyware and multitude of messaging apps) but it looks like Google may be in the spotlight for this already - https://www.theregister.co.uk/2018/05/14/oracle_tells_tales_about_google_data_slurps_to_australian_regulator/
All this means is that they bought the wrong phone, and the set of phones which contains all those which could be called "the wrong phone" is getting larger. Here's a link to a growing set of phones which could be called "the right phone":
LineageOS 15.1 Official Supported Devices List
I'm (sadly) shopping for a new phone (and starting on that page) because I can afford all the parts for e.g. a ZeroPhone or my own take on what it could or should be-- but I just don't have the time to pour into it :(
No, "The Right Phone" is one that comes with no such crud in its STOCK ROM since those are the only ROMs that are certain to allow all the apps (including the ones that test SafetyNet and so on and thus can detect roots and custom ROMs--Lineage itself disclaims itself from those apps). And the ZeroPhone isn't an option either because it lacks enough app support.
Your right phone is wrong for me and having the usual app store be optionally absent is a huge plus on Lineage's chart. OTOH, ZeroPhone has all the Raspbian repos, so that's neat. It's up to everyone to figure out they'd rather have their phone be a super kick-ass multi tool that embeds itself deeply into their mortal existence, or maybe they just want a small portable computer that sends commands to a modem to make phone calls. And holds a contact list, and SMS in/outboxes, and maybe short notes a.k.a. "plain text files"
'"It's up to everyone to figure out they'd rather have their phone be a super kick-ass multi tool that embeds itself deeply into their mortal existence,"
That's what most people want (myself included; on-the-spot research is very valuable these days), so you're outvoted.'
I use a dumb phone for actual phone stuff, and a smart phone for my super kick-arse multi tool.
Though a small part of the reason for that is that sometimes I use my smart phone strapped into a Google Daydream to give VR demonstrations to senior citizens. I don't want the thing suddenly ringing loudly while it's strapped to some poor octogenarians noggin, who was quietly sitting near a virtual pond feeding virtual ducks, then to rip it off her face, quickly pull it out of the headset, and answer with "Um, hang on a minute while I call an ambulance, little old lady right in front of me is having a heart attack, and I think I just broke her nose." while hungry virtual ducks quack loudly in my ear.
But when manufacturers decide what phone to make next, numbers count, meaning your isolated decision isn't going to matter much and they'll make what everyone else wants: locked-down turnkey stupid phones that phone home, include irremovable spyware, and won't let you change out the battery when (not if) it wears down.
Frankly, the phone I want (thick with removeable battery, SD support, absolutely minimalist ROM with everything but Call, Messaging, and Toolkit optional BUT with full app support for the ones I DO choose, do root and custom is not an option due to SafetyNet and dm-verity, built-in app and Nandroid backup facility) doesn't exist and probably never will be. Unless you know someone willing to make such a phone from scratch...
... and not have the root password?
I get it that phones are overhyped embedded devices and as such they are not very user friendly choosy about who their friends are, but why would you make a personal investment on a device that is not under your control?
As a devout blackberry Passport user, I've been accustomed to the gradual non-functioning of various apps including LinkedIn and Whatsapp as support was withdrawn from them. I'm beginning to feel quite smug when I hear about the data-slurping antics of the US mega corporations...still the best phone ever (IMO), if you're concerned about data privacy, since no-one but government agencies and compliant ISP's can be bothered to update such a small demographic of users, take a look. You can buy one for a couple of hundred quid..
I have an issues with google voice search on my s8, where by every time i do a search, it says "we have noticed that you have turned off google voice tap here to turn it back on"
I keep dismissing it and they keep asking its been going on for months now, i dont want google voice always listening for me to to say OK google.
how many times do i have to dismiss a google message to get it to leave me a lone, feels like they are trying to nag me to give in and turn the dam thing on, tried contacting google the makers of android but they just say its samsungs fault and vice verse...
We have partnered with mobile operators and device manufacturers to pre-install Facebook apps on Android devices to help people have the best experience on Facebook right out of the box and during the life of the device. By having Facebook apps pre-installed, we ensure people have the latest version of the application installed on their device, giving them access to bug fixes, critical security enhancements, and other new product features.
Is this bullshit expected to work? Straight out of the Trump/Conway/Huckerbee-Sanders/Chemical Ali school of brazen crap.
Even if their reasoning was true, it would be pre-installed as a user-app not a system one.
It's because of this type of shit the EU came up with GDPR - Facebook et al. should be careful that the US government doesn't do similar....
HAHAHAHA - I'm joking, of course - America is run by the BOD (Business Orientated Democracy) - but don't feel alone, apparrently a large number of UK citizens don't enjoy rights either, so we voted to leave the EU. I'm sure the UK will dilligently play catchup to our American overlords.
[ We really need a "bullshit" icon ]
Same going on with the Samsung purchased from PCWorld.co.uk. I am of the opinion there is a modern day version of the Phoebus Cartel in operation with the players being at least Microsoft, Facebook & Google because I am surprised that reports from ActionFraud.Police.uk can disappear from their systems.
As we only deal with a call centre, its virtually impossible to identify who is at the other end of the phone despite what they might tell us, plus call centre staff invariably don't take ownership of calls and follow reports through to conclusion, its just passed on to those higher up to make "difficult" decisions for the proles.
One other elephant in the room, is the ability to update firmware on a variety of chips found within computers and peripherals and yet no manufacturer provides a tool to verify its their firmware.
Only Mitre's Copernicus tool can check the bios if you are a large enough company with near identical computers.
The Intel ME Cleaner found on GitHub which partially de-blobs Intel CPU's means its technically possible to install malware inside an Intel CPU as the measures put in place by Intel to ensure the ME has not been tampered with is not sufficient to spot its been partially de blobbed, but who can show me a security product that checks the Intel ME cleaner is genuine?
Who cares if you have DD dev/zero'ed or dev/random'ed your hard drive before reinstalling your OS again if its your, bios, cpu and harddrive hiding the malware for you?
Check out ModSprites HDDHack to find out how to insert malware into your hard drive controller, if you want to know more!
Now lets see what page on the comments the bots push this down to says the cynic.
These two Facebook related apps only appeared AFTER an upgrade to Android 6.0 (Marshmallow) probably because Marshmallow (finally) allowed for some small degree of control over an apps PERMISSIONS.
The mysterious Facebook apps in question allow Facebook to update the Facebook app without user intervention and bypass the Google Play Store.
These two Facebook apps are usually found on Android devices that have Facebook pre-installed with other bloat on Android 6.0 and higher.
From what I've seen in testing, the user cannot "sideload" a generic copy of Facebook app unless it was extracted from the same Android device because the two apps in question check SHA sums.
More research is needed of course but my initial belief is that the mobile phone vendor that bundled the device with the Facebook app and other bloat (may) have access to the users social media data as would a developer would if a user logged into an app containing the now infamous Facebook Graph API.
I think it is also very telling that there has been no "official" security researchers looking into this.
Probably because all the "antivirus" companies are guilty of exploiting the Facebook Graph API as well.
Why not instead be for vendors not handing us a pile of sh...?
The position that it's OK to supply a grossly faulty product and then spend its entire operational life tinkering with it to fix those faults would not pass muster in any branch of real engineering, from house building to aerospace.
Unfortunately, since software is now increasingly incorporated into almost everything, other products previously based on real engineering (including aerospace) are being dragged down to a common abysmal standard. This is not just an inconvenience or an annoyance - it's becoming downright dangerous.
We should not be for "regular security updates" - we should be for getting it not so grotesquely wrong in the first place.
Hey,
Facebook not only takes our personal data but also ruin our phone via
1. Facebook Drains Battery
2. Making Your Phone Slow
3. via Consumes a Lot of Data
4. usage of internal memory
5. It has all the permission of your phone
And after all of it, we can't uninstall this app via our phone because of it's in the internal app which is come via
our mobile
This is totally unacceptable
I have one idea we have not permission to uninstall this app but we have to disable button via which we can stop facebook to takes our data or drains the battery.
By this facebook app frozen which is the best idea to do with Facebook.