[CookieMon]

I use this facebook app now: http://i.imgur.com/Iyd43n6.png (Android)

It's either a well written FB app, or a no-permissions jail around Facebook's own hybrid-app/mobile-site. GPS no longer turns on, and messaging works for me.

[moondowner]

There's also 'Tinfoil for Facebook' https://play.google.com/store/apps/details?id=com.danvelazco... which is opensource https://github.com/velazcod/Tinfoil-Facebook

[sp332]

Someone used that code to make Tinfoil for Twitter as well https://play.google.com/store/apps/details?id=com.mill_e.twi...

[FreakyT]

I've found that just running Facebook's mobile site in Chrome works pretty well for most purposes.

[cushychicken]

I've been doing that since I found out they were requiring access to text messages. One year later and I have zero regrets.

[FreakyT]

It's ridiculous how many completely irrelevant permissions they demand!

Facebook's laundry list of permissions is perhaps the best example of how Android's permission system is completely broken.

[c22]

I think Android's permission system works great. I saw Facebook's list of required permissions, considered whether these functions were necessary to provide the service I needed and whether I trusted Facebook to manage them for me, then declined to install the app.

[cushychicken]

I agree, but I'm not married enough to the native client to be upset about it when there's a perfectly good mobile site waiting for me.

If they tank their native site, well, then they won't get to harvest any more data from me.

[dublinben]

You will still be tracked on other sites you browse if you are logged into Facebook with your primary browser. That is the benefit of an app like Tinfoil for Facebook, which keeps your Facebook cookie in a sandbox.

[__z]

My last phone had Facebook as one of those apps that you couldn't uninstall. I was so pissed, I've never had any sort of Facebook app on my phone nor do I want one. Even if I never signed in. Absurd.

[jsaxton86]

If you root your android device, you can install AppOps, which allows you to toggle the individual permissions on every application.

[discardorama]

> If you root your android device,...

Not to hijack a thread, but: this is is why Apple's iOS is such a compelling case. They make it so easy to control access to the location/microphone/etc. in one tab: Settings -> Privacy -> Location Services

I don't know what Google is thinking, but given the current snooping climate you think they'd err on the side of the customer... but they don't.

[wtracy]

They released an App Ops-like feature in an Android beta (I think it was KitKat, but don't quote me) and pulled it because it broke compatibility with so many apps.

(It caused an exception to be thrown whenever an app tried to access something that had been locked down by the user. Legacy apps obviously couldn't catch the exception, so typically the app would just crash.)

[discardorama]

It seems easy to fix: can't they test the app in the app store and see if it can handle the exception or not, and if it can't, return a dummy (0,0) coordinate?

[wtracy]

Actually testing every app sounds like a challenge Google isn't interested in taking on.

There's also the question of whether apps will still behave gracefully when receiving dummy data. Some apps may misbehave in ways such that it's not immediately apparent that the root cause is a permissions issue.

[tdkl]

> I don't know what Google is thinking

That customer data is valuable for them, so "the more the merrier" ?

[jahnu]

I use it in a second browser only for Facebook.