If you hold the copyright to a library deployed on android, you might want to talk to a lawyer.
This only includes system libraries which a phone OEM shipped. It doesn't include libraries which are bundled with an app.
The main benefit that Facebook likely get out of this is that it helps them debug crashes on devices they don't have themselves.
The only angle I see is copyright infringement for copying libraries owned by the phone manufacturer... but even that I'm not sure if it's really illegal in this case. Worth filing a complaint anyway I guess.
The traditional model of computer security assumes that there's one device (the computer) which may have multiple users, so the emphasis is on identifying the user to the device. But today, one user may have one or more computers (smartphones/tablets/laptops), so the emphasis is on linking devices to users and thereby tracking usage patterns across devices. Which lands it straight in GDPR territory.
And no point using Facebook, really. Still with Whatsapp (and passively Instagram) as my friends are massively on those.
It’s is extremely difficult to diagnose Android native code crashes. Unlike iOS where it is both straightforward to unwind on the phone, and where Apple makes the iOS system symbols available for symbolizing system frames in a stack trace, neither of these things are true on Android.
My first approach for my company’s Android crash manager SDK was to use Google Breakpad. This works by capturing a snapshot of stack memory at the time of the crash. Unwinding then occurs on a backend server. But to unwind successfully, absent a frame pointer register, you need unwind info to provide to the unwinder. This simply isn’t available except for Nexus devices for which you can download the system images from Google. And even on devices where the code was compiled with a frame pointer, you still need symbols so you know what each frame’s function was.
Another approach is to unwind on the device. In my experience, using libunwind, this is successful about 50% of the time. It also risks hanging the app, which looks even worse to the user than just crashing.
Years ago, I briefly considered having our crash SDK, optionally and with user consent, extract the symbols and unwind data from the libraries on the device and upload them to our backend. I dismissed it as too expensive to do on a user’s phone.
Instead, we crowd source as much as we can from our employee phones.
Android native code crashes remain a bear to diagnose. Especially annoying since Android itself collects a ton of diagnostic data about your app when it crashes - it just doesn’t make it easily, or in some cases at all, accessible to the app itself.
Could be a few reasons, could be boring metrics, could be anticompetitive identification of acquisition targets, could be oppo research, could be user profiling.
None of these things I'm ok with Facebook getting off my phone.
Hypothesis 1, debugging: requires full copies of system libraries
Hypothesis 2, fingerprinting: requires hashes of application libraries
Evidence: full copies of system libraries are being uploaded
How are you using that evidence to be so confident in hypothesis 2 and confidently against hypothesis 1?
Sure, everyone is going to talk about fingerprinting, but let's face it, there are way easier and more reliable methods of doing that than system libraries that mostly match between same devices.
Must be for some sort of debugging? Still seems insane...
Facebook wants their app to work on all of them, but cant track down all of those physical devices.
Instead, I bet they load all the libraries into a big test bench and check all features of the app work with all possible hardware.
It wouldn't be perfect, since I bet many of those libraries rely on custom system services, kernel interfaces, etc, but I bet it helps them track down a bunch of issues before they impact real users.
This has the advantage of getting away with things the legal team would advise against, which I think they do a lot.
Unfortunately, everyone uses WhatsApp in Brazil, and very few people uses Telegram, for example. This makes it kinda impossible to be Facebook-free here.
