It should come as no surprise that most mobile apps run some sort of analytics on user behaviour. But in the case of Facebook, the social network’s Messenger app for iOS apparently tracks quite a bit more than most users likely realize.
iOS forensics and security researcher Jonathan Zdziarski spent Tuesday morning disassembling Facebook Messenger’s iOS binary, at one point declaring via Twitterthat “Messenger appears to have more spyware type code in it than I've seen in products intended specifically for enterprise surveillance.”
In an email, Zdziarski said that Messenger is logging practically everything a user might do within the app, from what and where they tap, to how often a device is held in portrait versus landscape orientation; even time spent in the Messenger app, versus the time it spends running in the background.
Some of this is expected behaviour for an app developer, of course. But of greater concern are the other things Zdziarski discovered, whose intended purpose is less clear.
“[Facebook is] using some private APIs I didn’t even know were available inside the sandbox to be able to pull out your WiFi SSID (which could be used to snoop on which WiFi networks you’re connected to) and are even tapping the process list for various information on the device,” he wrote in an email.