Android's permissions system used to be more permissive than it should have been, and according to Ars Technica, Facebook was taking advantage of that little loophole to harvest call and SMS data. By exploiting the fact that pre-4.1 Android permissions could be requested by apps on the Play Store up until last year, and that those earlier permissions automatically granted call and SMS access together with requests to access contacts, Facebook was able to collect and store metadata associated with each from those that gave the app those permissions. 

Read More