UPDATED (Facebook Responds): What Exactly Is Facebook Messenger Tracking On Your Mobile Device?


These days it seems to be increasingly difficult to see exactly what permissions you may be giving a mobile app when you install it on your device. Both Apple and Google have been accused of over-simplifying the notifications to the point that it is nearly impossible to tell just exactly what – and more importantly why – an app is accessing a certain area of your device. Facebook Messenger is no exception and forensics researcher Jonathan Zdziarski has taken a look at the iOS version and found just how much Facebook is tracking through their latest app.

UPDATE (11/09/2014: 12:39pm PT): Facebook emailed us with this statement regarding Facebook Messenger and this article:

“These accusations are completely unjustified. Privacy is core to our approach with Messenger, and like any developer, we analyze usage trends to make our apps better, faster, and more efficient. As an example, with regard to what where people tap — when we noticed that people were using the ‘Like’ stickers a lot, we modified the app so that people could send them with fewer taps.”

We did indeed mention below that some of the permissions being accessed definitely fall under this use, however the issue lies with some of the other processes Zdziarski discovered and the use of private API’s. Given some of Facebook’s past practices in web tracking, it’s no surprise that users might be questioning what else they are tracking within their apps. Ultimately, it is up to the user to accept what permissions apps have access to by installing them, and by doing so showing just how much trust they have in the company developing the application.


Many Android users have expressed concern with the app as when it’s installed to an Android device, users are first presented with a screen listing (albeit generally vague when accessed on the device, the permissions are better laid out on the Play Store website) what areas of the device the app is requesting access to. On iOS devices however, users simply select the app from the App Store and install.

Zdziarski started tweeting out many of his findings via Twitter and had this general statement to say about the app:

In an email to Motherboard, Zsziarski goes on to say that:

 Messenger is logging practically everything a user might do within the app, from what and where they tap, to how often a device is held in portrait versus landscape orientation; even time spent in the Messenger app, versus the time it spends running in the background. via Motherboard

Of course some of these can be chalked up to simple user experience analytics, it can be useful for a developer to understand how a user is using their app, how much they are using it, and in what orientation. More troubling however, is the fact that Zdziarski says that the app is “logging practically everything a user might do within the app” – if it’s also tracking how much time is spent in the app versus time the app is running in the background, it’s not a stretch to wonder how much it’s tracking period… whether in use or not. He also mentions that the app is using some private APIs that he didn’t even know were available. Independent security researcher Ashkan Soltani responded to Motherboard’s inquiry regarding the app as well.

I asked independent security researcher Ashkan Soltani via email whether Facebook’s relationship with Apple—having a user’s Facebook account baked directly into iOS—might give Facebook access to private APIs and capabilities that other developers don’t have. Soltani wrote that he believed my hunch was correct. via Motherboard


Zdziarski sums it up – a bit tongue in cheek – but all joking aside, perhaps it’s time to question whether or not you really need this app on your device.

Given the short time the app has been out, and the number of installs – between 500,000,000 and 1,000,000,000 on the Google Play Store and one can only assume a similar number on the Apple App Store, it appears that users either aren’t understanding the access they are giving the app, or maybe they just don’t care.

What are your thoughts on apps and the amount of your personal data they can access? Do you have Facebook Messenger installed? Why or why not? Let us know in the comments below, or on Google+, Facebook, or Twitter.

  Source: Motherboard  Source: Twitter

To Top