[creato]

> that it never left the pocket of the person who was granted access to it and they knew it.

How do they (you) know that? How hard would it be for Huawei or Blackberry to exfiltrate that data?

What that and other incidents show is that Facebook had a widespread pattern of sharing data and trying to control the reach of that data through contracts and legal power rather than actually controlling it. This strategy makes leaks inevitable.

[beagle3]

While it was likely easier to exfiltrate data this way, you can rest assured that if they want to exfiltrate it, as the producers of the hardware and the firmware, they can easily do it.

They control the kernel. They can read it from the screen, from the app memory, from the TCP stream with a minor patch to the TLS code. Seriously, the "how do you know" rabbit hole has to start from first principle.

You don't know. And the special API made is easier if it did happen. But it was not an enabler or anything - if they wanted to, they did it without, before, or with Facebook's help.