A lot of users were concerned with this application, so we selected it for further study. (One caveat - we did this case study in the spring of 2012 and just didn't post it until now. As the facebook application has since been updated it may not be accurate).
Overall, we predict that it exhibits intrusive location behaviour, such as asking for the user's proximity to other locations. It accesses video functionality, as well as information about the carrier and phone number. Users seem especially concerned about its ability to access their phone number and location. They don't seem very concerned about use of the Internet.
The profiles that we provide to users are somewhat simplified, as we did not want to overwhelm users with information. Additionally, we have some data on the context in which behavior occurs - whether in the background, in the foreground, or in direct response to user input. However, this information is not as accurate as the other information we collect, so we decided not to make it available in general. A more detailed profile for Facebook can be seen here. The key feature to note is that the location-related behaviour and the phone number related behaviour tends to occur in a component that users interact with directly.
Additionally, we did not detect anything related to SMS messages (which Facebook asks permission for). We did some dynamic analysis on this application to verify our findings in general and we were not able to trigger any SMS-related behaviour. It is unclear why they requested permissions that they never used, but doing so is not entirely uncommon.
Overall, this application is less intrusive than it might seem - Facebook's reputation for invading your privacy may, in this case, be a little overblown. First, this demonstrates the problem of permission over-use - developers over-requesting permissions make permissions less meaningful, and make it harder for users to make informed decisions. Additionally, this may suggest that it is valuable to distinguish between events triggered by a user directly and those that are hidden from the user.
Our profiles suggest that the application itself is not very intrusive. However, like many free applications it contains ad libraries (we detected code from five!) These ad libraries are responsible for much of the privacy-intrusive behaviour. Again, we did some dynamic testing to verify this. We did, however, not detect any use of the telephony manager or sensor manager when we did dynamic testing.
This demonstrates two important features of our analysis. First of all, false positives will always be an issue in static analysis. Second, ad-supported applications might have a hidden cost in terms of privacy. If you are an application developer, and you think your user base might be concerned about their privacy, it might be worth looking into what, exactly, the ad libraries you are using do. We have found they vary enormously in how intrusive they can be.
This was the application most highly rated as benign by users, so we can get an idea of how a positively ranked application might differ from a negatively ranked one. There are a few differences with the other applications:
We have no commercial interests in this app, and use the Internet permission only to deliver summaries to your phone and allow you to submit feedback. We track individual feedback submissions via a large, random number generated on your phone (which is not derived from any personally identifiable information in any way). You can opt out of this by unchecking the checkbox on the feedback page, or alternately by not submitting feedback.
We are researchers at the University of Michigan, in the RobustNet research group. We are interested in security, performance and network characterization in mobile devices. Our other apps include MobiPerf, a tool to characterize your network, and PowerTutor, a tool to characterize the power consumption of system components and different applications.
You can contact us at appprofiles at umich dot edu. Feel free to send us any of your questions or suggestions.