Tags: Facebook, GPS, security
Yes, they’ve done it again.
The most-recent update of the Facebook mobile application (Android and iPhone) reverses and resets the default settings for “Location Services”, so that every single Facebook message you send, also sends your exact GPS coordinates to the recipient (and to Facebook’s own messaging servers), even if you have your GPS disabled on your phone. When the GPS is disabled, they fall back to AGPS to determine your coordinates with incredible accuracy.
Yes, even if you’ve had it disabled before, a recent update of the mobile app resets these preferences to expose your location when you’re using their Messenger app to send or receive messages through the app.
This is so specific, it actually revealed that I was in my kitchen (in the rear of my house), and not just my approximate street address on my road. Zooming into the map they helpfully provide, shows where inside my house my phone is when I sent the test messages that revealed this issue.
To prevent your phone from exposing your location with every message, go into your Facebook mobile application settings, and disable “Messenger Location Services”, as below. When you disable it here, your messages will just show “Sent from Messenger” or “Sent from Web” inside the app, instead of showing a map and GPS coordinates.
Click on the images below to see them full-size.
They may still be sending GPS coordinates with each message to their messaging servers, but not exposing it to the recipients when you disable this feature, but there’s no confirmed way to tell.
I don’t use the native Facebook mobile app to send or receive messages, opting instead to use Trillian Mobile for Android, which does not pass the GPS coordinates with each message. In addition, I can use all of my IM and chat services at once, in one interface, including Facebook, seamlessly. They have desktop apps and a web interface also, for those who wish to use those natively on any platform. Highly recommended.
Facebook, I’m not impressed with your complete lack of understanding of core security and privacy issues. This is 2013, and no application should be sending GPS coordinates to message or email recipients. Imagine what would happen if a random, unknown person were to message me, and I replied back to them. I’ve now exposed my personal location, which could include my home address, to a level of accuracy that includes where inside my home I am when I’ve responded.
In a word: Disgusting.