Security researcher Jonathan Zdziarski claims (via Motherload) that “[Facebook is] using some private APIs I didn’t even know were available inside the sandbox to be able to pull out your WiFi SSID (which could be used to snoop on which WiFi networks you’re connected to)” as well as more mundane analytics like which way users hold their devices, where they tap the screen, in addition to capturing the “the process list for various information on the device.”
He also tweeted that “”
While Facebook’s record on privacy suggests this type of monitoring of users is expected, Zdiarski was surprised at the sheer amount of data available to be fed back to Facebook: “Messenger appears to have more spyware type code in it than I’ve seen in products intended specifically for enterprise surveillance….Ultimately it comes down to whether or not you trust Facebook not to take advantage of their position on your device to snoop on you,” Motherload reports Zdziarski wrote. “The technical capabilities to do so are certainly there.”