Facebook Messenger May be Sending out More than Just Your Message
The road to a separate Facebook Messenger app has been a long one. While a separate app just for messaging has been in the cards since 2011, it wasn’t until 2014 that it became a reality. Now, you no longer send Facebook messages via the regular app, but this specialized messenger-only app. And today, even if you don’t have Facebook, you can still download the app and use your phone number to join.
Additional upgrades to the app, including the ability to send money via the app in 2015, and the advent of voice and video chats, leveled the playing field between Facebook Messenger and rivals like WhatsApp and Viber. With its multiple layers of functionality and access to third party apps for various add-ons, the Facebook Messenger app has grown into its own thing, separate from the ‘regular’ Facebook app. But what does all this mean for your privacy?
Changes to the Facebook Messenger App and What It Means for You
While all these advancements seem amazing, there is an unfortunate side effect – it increases the risk of identity theft. Once you download the app, to use it you need to agree to the terms and conditions. Have you read the ToCs? Probably not, most of us skip them. Therefore, you remain blissfully unaware of what it is that you agreed to when you downloaded this ‘free’ app.
You may not be paying for the app with cold hard cash, but you are paying with your privacy.
Once you accept the ToCs, you agree to allow Facebook to collect lots of information about you. While the majority of this information is used to create personalized ads and tailor goods and services to the individual, if the wrong people get their hands on this information, it can greatly increase the possibility of identity theft.
What exactly are you giving the Facebook Messenger app access to when you click the ‘accept’ button:
App and Device History. The app will be able to read any sensitive log data, go through your browser history and bookmarks, and information on any running apps.
Identifying Information. The messaging app can access your profile information and read your contact card, as well as find and/or remove accounts.
Contact Information. Facebook’s messaging app can read AND modify your contacts, as well as go into your calendar to read it, modify it, and send messages to your contacts regarding your calendar.
Possibly one of the scariest parts of the new app is the GPS tracking capability.
GPS tracking does communication easier – if are meeting up with a friend, you can send them your exact location to come and find you more easily. This, however, opens the door to a host of issues. Every time you send a message, your location will also be tagged. While if you are one-on-one with someone you know, this isn’t too scary; but if you are in a group chat with people you don’t know, they will be able to see where you are. Do you want strangers knowing your exact location? You may want to turn your GPS off.
And there is other information as well the app can take from you – it can read your SMS messages, check out your call log, look over what’s stored on your phone and any external storage (like an SD card), and record audio and visual.
iOS forensics and security researcher Jonathan Zdziarski explained to Motherboard: “Ultimately it comes down to whether or not you trust Facebook not to take advantage of their position on your device to snoop on you. The technical capabilities to do so are certainly there.”
Here’s the TL:DR version: any vulnerabilities in the messenger app could potentially lead to the spilling of your personal information.
How This Can Lead to Identity Theft
Do you know what Facebook does with the information it collects? We do know it sells some of this information to third-parties, which is why the app remains free. (There are issues with this as well, but that’s for another day, and another post.) But with the cyber-crimes black market growing at an exponential rate, what stops someone from hacking into Facebook and getting this information? If this information were to get into the wrong hands, information like names, phone numbers, pictures, and locations can be sold to the highest bidder.
Is Facebook messenger security tighter than Fort Knox? We’d like to think so, but with large corporations like Uber, Target, and Equifax suffering the consequences of large-scale hackings, we can never be too sure. There is always the risk of identity theft via social media, and the Facebook Messenger app is no exception.
How to Protect Yourself Against Facebook Messenger App ID Fraud
Protecting yourself in a world where data collection, leaks, and fraudsters are becoming ever more difficult to spot, has become increasingly important. With Facebook messenger privacy being questioned, here are just a few tips and tricks you can take advantage of, to keep yourself from becoming a victim of ID fraud:
- Make sure you know everyone on a group chat before posting private information as well as giving away your location.
- Do not reply to messages from people you do know that look odd, it is possible a friend’s account was hacked, and a scammer is trying to get more information about you.
- Never share your online credentials with anyone.
- Set up a two-step verification on Facebook for an added security layer: Click on the down arrow on the far-right side of your Facebook homepage >> Settings >> Security >> Login Approvals >> enable Facebook’s Two-Factor Authentication.
- Make sure your date of birth is not placed publically on your profile and is viewable to your friends only. Scammers can click through from the Messenger app to your profile and easily access this info.
- Refrain from using a passport-style photo as your profile picture.
- Do not use the Facebook Messenger app while connected to a public Wi-Fi account.
What to Do If You Are a Victim of ID Fraud on Facebook Messenger App
If you do happen to fall victim to identity fraud, then don’t panic, there are a number of things you can do right away to limit the damage:
- Immediately change your Facebook passwords.
- Place a fraud alert on your credit file – this will ensure businesses verify your identity before issuing credit in your name.
- Freeze your credit cards.
- Create an identity theft
- Report the hacked account to Facebook and/or the individual responsible.
- Maintain constant vigilance when it comes to your Facebook account, and give your privacy settings a once-over to ensure as much security as possible.