Do you have the hashes to prove that what you tested matches what is actually installed elsewhere?
No, I'm not actually claiming there actually are different versions in the wild. I just find it strange that anybody can make broad claims about what widespread software may or may not be doing. Widespread use of "A/B testing" and forced remote updates should make everyone question the nature of every binary, even when they have the same name (including version number).
Fb's well known for large scale A/B testing though. Isn't it more than possible that the binaries/versions/etc that you tested simply weren't part of the test?
On the Android side, it's not terribly difficult to send a copy of the app to a computer and decompile it. Then you can simply search for any code that invokes the Android function for mic access.
Do you have the hashes to prove that what you tested matches what is actually installed elsewhere?
No, I'm not actually claiming there actually are different versions in the wild. I just find it strange that anybody can make broad claims about what widespread software may or may not be doing. Widespread use of "A/B testing" and forced remote updates should make everyone question the nature of every binary, even when they have the same name (including version number).