Hidden in an update that rolled out on Jan. 27, some other users reported that they saw this new permission request appear as soon as December. As Facebook grows, adds features, and seeks new revenue streams, it's been asking for more and more control of what goes on in your phone — but this bald-faced grab for your texts is the most blatant info-snatch yet.
There are legitimate uses for this permission — Facebook briefly attempted to integrate SMS into their mobile app, and Facebook might want to scan your messages for SMS confirmation codes — but the information-hungry marketing and advertising departments fueling the social media's income simply wouldn't be doing their jobs if they didn't exploit every opportunity they have to collect mineable data.
Facebook claims that the SMS permissions are used to "automatically intercept login approvals SMS messages for people that have turned 2-factor authentication for their accounts, or for phone confirmation when you add a phone number to your Facebook account."
According to the company, Android doesn't support the ability to let Facebook scan for messages from just one specific number.
Can we trust Facebook? Well, by accepting the permission request, you're legally giving them the right to do whatever they want with your texts — so probably not.
Facebook is already being sued for alleged scanning of private messages for advertising and revenue purposes. The company considers the lawsuit "without merit." In the case of the SMS permissions, they haven't explictly denied that they intend to collect that data. Whether that's because they're not doing it, they're already doing it, or they don't want to close the door on a potentially lucrative way to monetize your seemingly-private communications is known only to Facebook.
Facebook hasn't exactly been friendly to your privacy before, and it's shown a tendency to expand its reach over time (a kind of privacy creep). Just check out how much more of your data the social media site now provides to the entire internet:
The bottom line: Facebook will always have an innocent-sounding explanation for any request to access more of your data. But give a mouse a cookie, and it will eventually sell it to advertisers while the mouse isn't looking.