According to recently published internal documents, Facebook executives predicted a public backlash over an update to the company’s Android app which would send call and text data to Facebook.
Recently published internal Facebook documents show that executives predicted a public backlash to their Facebook Android app update which would see users call and text data transmitted back to Facebook. In an internal email, former Facebook Product Manager, Mike Lebeau, discusses the PR risks of the app update, stating that despite this the “growth team” will “charge ahead and do it.”
The email from Lebeau reads:
Hey guys, as you all know the growth team is planning on shipping a permissions update on Android at the end of this month. They are going to include the “read call log” permission, which will trigger the Android permissions dialog on update, requiring users to accept the update. They will then provide an in-app opt-in NUX for a feature that lets you continuously upload your SMS and call log history to Facebook to be used for improving things like PYMK, coefficient calculation, feed ranking, etc.
This is a pretty high-risk thing to do from a PR perspective but it appears that the growth team will charge ahead and do it.
Separately, Gravity team had been intending to ship the Bluetooth permission on Android at the same time – in fact we’d already delayed to accommodate more permissions from the growth team, but we didn’t realize it was going to be something this risky. We think the risk of PR fallout here is high, and there’s some chance that Bluetooth will get pulled into the PR fallout. Screenshot of the scary Android permissions screen becomes a meme (as it has in the past), propagates around the web, it gets press attention, and enterprising journalists dig into what exactly the new update is requesting, then write stories about “Facebook uses new Android update to pry into your private life in ever more terrifying ways – reading your call logs, tracking you in businesses with beacons, etc”.
Gravity had a great initial reception. This is because we took painstaking steps to ensure that we had a clear story of user value for the hardware and spoke from a position of transparency but not over-emphasis about the potentially scary bits. But we’re still in a precarious position of scaling without freaking people out. If a negative meme were to develop around Facebook Bluetooth beacons, businesses could become reticent to accept them from us, and it could stall the project and its strategy entirely.
So we’re still treading very carefully, and of course the growth team is also managing a PR risk of their own with their launch. >Given this, and the fact we have lots to iterate on with iOS, and we can still do non-beacon place tips on Android any time, we’ve been thinking the safest course of action is to avoid shipping our permission at the same time as “read call log”
Normally we’d have to wait until July for the chance to ship again, since we only ship Android permissions updates a couple times a year as they tank upgrade rates. So our options, aside from the “ship together and pray” option which feels too risky to me, are to wait until July to ship the Bluetooth permission on Android or ask for a special exception to ship our permissions update sooner.
Sipping permissions updates on Android has the downside of tanking upgrade rates, so we try to do it infrequently. But there could be an argument to doing it sooner in this case, as a compromise to allow both teams to continue moving fast, without unnecessarily conflating two PR risks into one.
Lebeau was absolutely correct in what he believed the public reaction to the updated Android permissions would be, at the time of the update Ars Technica wrote:
This past week, a New Zealand man was looking through the data Facebook had collected from him in an archive he had pulled down from the social networking site. While scanning the information Facebook had stored about his contacts, Dylan McKay discovered something distressing: Facebook also had about two years’ worth of phone call metadata from his Android phone, including names, phone numbers, and the length of each call made or received
This experience has been shared by a number of other Facebook users who spoke with Ars, as well as independently by us — my own Facebook data archive, I found, contained call-log data for a certain Android device I used in 2015 and 2016, along with SMS and MMS message metadata.
During the email exchange between Lebeau and a number of Facebook executives, it was discussed whether or not it would be possible to update the Android app without users seeing the new permissions that users would be agreeing to. One Director of Product Management, Yul Kwon, stated:
Just as a heads up, I was in a separate meeting with Lindsey today, and I got the impression that Release Eng would be very opposed to an intermediate launch. We should definitely explore this, of course, but should expect strong reservations.
Also, the Growth team is now exploring a path where we only request Read Call Log permission, and hold off on requesting any other permissions for now.
Based on their initial testing, it seems that this would allow us to upgrade users without subjecting them to an Android permissions dialog at all.
It would still be a breaking change, so users would have to click to upgrade, but no permissions dialog screen. They’re trying to finish testing by tomorrow to see if the behavior holds true across different versions of Android.
Following the release of the Android app update in March, Breitbart News reporter Charlie Nash wrote:
Following the report, Facebook attempted to ease concerns from its users in a blog post, Sunday, where the company claimed news reports had been inaccurate.
“You may have seen some recent reports that Facebook has been logging people’s call and SMS (text) history without their permission. This is not the case,” claimed Facebook. “Call and text history logging is part of an opt-in feature for people using Messenger or Facebook Lite on Android. This helps you find and stay connected with the people you care about, and provides you with a better experience across Facebook. People have to expressly agree to use this feature.”
However, despite Facebook’s claims that users had to explicitly opt-in to the data collecting, Ars Technica noted that in several cases users had not.
“This contradicts the experience of several users who shared their data with Ars. Dylan McKay told Ars that he installed Messenger in 2015, but only allowed the app the permissions in the Android manifest that were required for installation,” Ars Technica explained. “He says he removed and reinstalled the app several times over the course of the next few years, but never explicitly gave the app permission to read his SMS records and call history.”
Read the full 250 pages of recently published internal Facebook documents here.