Facebook Home - Great if you think privacy is dead

Filed Under: Android, Facebook, Privacy

FacebookHome170Is Facebook Home the long rumored Facebook phone? Nope.

Rumors of a Facebook phone are nearly as common as OS X users who don't think they need anti-virus, but that doesn't make either one of them true.

Facebook is avoiding the hassles of designing and manufacturing its own hardware, but nevertheless making a land grab for control of the user experience.

The concept is simple: replace the lockscreen and application launcher on popular Android devices with a streamlined, Facebook-focused experience.

It is only available on a few devices at this time, including the Samsung Galaxy S3, Samsung Galaxy Note II, HTC First, HTC One X, and HTC One X+.

So I thought I would take a quick look at it from a security and privacy standpoint.

Modifying things like lockscreens can easily go sideways, as we've seen in the past with iOS.

In fact, without even considering how the app is designed to work, there are already reports of Home disabling the built-in Android pattern/passphrase lock on the new HTC First.

That isn't supposed to happen, of course, so I would think twice about enabling it until Facebook is able to release a fix.

CoverFeed170What Facebook Home is supposed to do is replace your plain vanilla lockscreen with a continuously-updated feed from your Friends, a feature they call Cover Feed.

You will see their photos, wall posts, comments, Likes, and more, all the time, in real time.

All of this information is visible without unlocking your phone and provides the opportunity to double-tap to Like the content you are viewing.

This is an interesting new take on the "lock" in "lockscreen," and while the always-logged-in "privacy is dead" angle won't be a surprise to Facebook fans, it raises worrying opportunities for abuse.

Just imagine what some of your friends might post to their walls simply to have it show up on your phone during a business meeting!

Even if you are not a Facebook Home user, you'll still be impacted.

When you post a photo or comment, you won't know when or where it will show up on your Friends' phones, or who might be around to see it.

And if you travel a lot, you may end up stuck with some heavy-duty roaming fees from downloading all of those photos, all of the time.

The Facebook Home Launcher component is largely uncontroversial.

It's uncomplicated, and while it steers you towards Facebook functionality and apps rather than Android ones, it seems perfectly functional.

ChatHeads170The feature people seem to like the best is called Chat Heads.

I have to admit, if I were a frequent Facebook chatter I would love this -- in fact I wish Google Talk worked more like Chat Heads.

The idea is your Friends' photos appear as little circles at the edge of your screen, popping out and displaying any chat messages, no matter what application you are using on your phone at the time.

My verdict?

If you are a heavy Facebook user and don't mind the privacy risks, I think you'll really like Facebook Home. (I'd wait until Facebook works out the lockscreen bypass problems, but otherwise it isn't inherently broken.)

But if you are a corporate user and enlisted in a BYOD program, I'd steer clear.

In fact if I were administering a BYOD program, I would disallow Facebook Home, as I feel there is too much room for information leakage for it to be a safe choice in a business environment.

My advice?

  • Take the time to think through the privacy implications before you install it.
  • Be understanding if your employer doesn't let you use it on BYOD devices.
  • Consider living without the Cover Feed option, even if you love the idea.

, , , , , , , ,

You might like

9 Responses to Facebook Home - Great if you think privacy is dead

  1. no thank you, I think about my own privacy, and i don't want to install this on my galaxy s4

    • Akuma · 908 days ago

      I don't think about it on G+ because i have my posting set to post to my circles only by default, not publicly.

  2. Is it possible for me to stop my posts and pictures appearing on someone else’s phone?

    • Chester Wisniewski · 911 days ago

      Not that I am aware of

    • Jason · 910 days ago

      It would be the same privacy controls as on the "old fashioned" website. If they can see it on the Facebook site, they'll see it in their Home feed (which is really just an always-on version of the site) and if you exclude them from a post on the website, it will not come into their phone feed.

  3. MercyBuckets · 910 days ago

    "Just imagine what some of your friends might post to their walls simply to have it show up on your phone during a business meeting!"

    I don't really know what you mean by this; is the issue the content of your friends posts, or the fact that you're checking Facebook while in a business meeting? The simple answer here seems to be - wait for it - don't be looking at Facebook during the meeting. I don't know many people who keep their phone out on the table and the screen not turned off.

  4. Luke · 910 days ago

    You forgot the final option (which I took some months ago). Close your Facebook account and delete it permanently. It's refreshingly liberating.

  5. Matthais · 910 days ago

    The comment on the image of the new home screen, perhaps tragically telling of the future of privacy if people keep on taking these things up.

  6. Luke · 909 days ago

    *Plus you don't need to be a master configuration manager to adjust your privacy settings every time FB release a new "feature".

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.