‘Facebook app uploads system library files without permission’

The Facebook app for Android scans the phone’s system libraries and uploads the files to a server. So says security researcher Jane Manchun Wong. It’s not clear what Facebook will do with the information, but it doesn’t seem possible to decline the upload.

Wong discovered that the Facebook app “periodically” forwards system library metadata to a server. This would be known within Facebook as the Global Library Collector, in the app code this is called GLC. Facebook would also compress the entire files of the system libraries and send them to a server. The Facebook app would send these files to a “specific collection related to my phone,” Wong says.

According to Wong, it is not possible to refuse the collection of the files or to see what has been collected. The purpose of GLC is not clear to Wong, she is guessing it could be used to check the integrity or compatibility of a system. Some developers and privacy consultants respond that this may involve fingerprinting and that this could be in violation of the GDPR.

Facebook has been under fire for some time for privacy violations. Earlier this year, Facebook founder Zuckerberg announced that Facebook needs to get a greater focus on privacy. According to Wong, other apps from parent company Facebook do not use GLC.

Jane Manchun Wong is a twitter user who researches apps in her spare time to look for security vulnerabilities and new features. In the past, she has often found new features in apps before developers wanted to bring it out.