I'd expect that they're doing this because they'd like to diagnose crashes or bugs on systems that they don't have the hardware for. It's still somewhat creepy and possibly a fingerprinting mechanism.
Agreed. This is about how the phone number thing went "for security". I think a lot of people believed FB was using it just for security but in reality they were trying to find more connections, possible friends, tie you to an identity. A real citizen of a country - which is one of their products. I would suspect this is like browser fingerprinting.
Yeah, when I was working on an SMS app, I briefly considered doing something similar. The variety of ways companies break these shared services is astounding[1], and there's no way to reproduce without having the actual phone on-hand, and/or decompiling the framework and seeing what nonsense they wrote. I never did ship it tho.
There are definitely some non-shady useful reasons to do this, but Facebook has sorta lost my default assumption of not-evil, yea.
Even ignoring the ethical questions it is a massive waste of bandwidth. They could hash the libraries, and if they get a cache miss, upload that one from one person (or perhaps a few people, since everything is in parallel). They then know what system libraries their users have installed without wasting a ton of bandwidth.
Next step to reduce creepiness is to only upload info on system libraries that actually affect the app (so if some users experience crashes and others don't, they can trace it to differences in system libraries).
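The hash-first scheme proposed in the comment above, sketched as an added example that is not part of the thread and not Facebook's code: the client hashes only the libraries the app loads, and uploads a library only when the server reports a cache miss. The class, function and library names and the sample bytes are all assumptions constructed for illustration.

```python
import hashlib

def digest(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()

class CollectionServer:
    """Hypothetical server: stores each distinct library once, keyed by hash."""
    def __init__(self):
        self.blobs = {}            # digest -> library bytes
        self.bytes_received = 0    # upload bandwidth actually spent

    def missing(self, digests):
        """Return the digests the server has no copy of (cache misses)."""
        return [d for d in digests if d not in self.blobs]

    def upload(self, blob: bytes) -> str:
        d = digest(blob)           # recomputed here; a client-claimed hash is not trusted
        self.bytes_received += len(blob)
        self.blobs.setdefault(d, blob)
        return d

def report_libraries(server, device_libs, loaded_by_app):
    """Client: hash only libraries the app loads, upload only the misses.
    Returns the manifest (name -> digest) describing this device's build."""
    manifest = {name: digest(blob) for name, blob in device_libs.items()
                if name in loaded_by_app}
    wanted = set(server.missing(manifest.values()))
    for name, d in manifest.items():
        if d in wanted:
            server.upload(device_libs[name])
            wanted.discard(d)      # never send the same content twice
    return manifest

# Constructed sample data: three phones, one with a vendor-modified SMS library.
LIBC = b"libc build A " * 100
LIBSMS_STOCK = b"libsms stock " * 100
LIBSMS_VENDOR = b"libsms vendor patch " * 100
LIBCAMERA = b"libcamera " * 100      # present on the phones, never loaded by the app

def demo():
    server = CollectionServer()
    loaded = {"libc.so", "libsms.so"}
    stock = {"libc.so": LIBC, "libsms.so": LIBSMS_STOCK, "libcamera.so": LIBCAMERA}
    vendor = {"libc.so": LIBC, "libsms.so": LIBSMS_VENDOR, "libcamera.so": LIBCAMERA}
    manifests = [report_libraries(server, p, loaded) for p in (stock, stock, vendor)]
    return server, manifests

if __name__ == "__main__":
    srv, _ = demo()
    print(len(srv.blobs), "libraries stored,", srv.bytes_received, "bytes uploaded")
```

The hash manifest alone still tells the server which build each device runs, so crashes can be correlated with library differences without every device uploading every file.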
But that presumes a human engineer is going through and looking at the libraries in order to maintain fingerprints. I suppose it's possible that's what Facebook is doing, but it strikes me as a massive waste of time, particularly in comparison to all of the other metrics at their disposal.
Why wouldn't they just track the model of the phone + the current software version if fingerprinting was the goal? How would this approach give them any more fingerprinting data than that one?
Except it's not the data that's protected by copyright laws. ...and that it's not the original file is what makes it ethically palatable that Facebook is doing this without explicitly notifying the users that it's happening, although they damn well should have because it represents a profound change in the relationship.