Menu
I was very surprised when I found out that the Facebook app on Android apparently is able to install the Facebook Messenger app without asking for permission.
I'm aware that it is possible to install an app via another app, but the user needs to confirm the installation via a system dialog. In addition to that, on newer Android versions the user needs to give the "install from unknown sources" permission to the app that tries to make install requests.
Yet, i have not granted Facebook any install permission and there was no sysyem level dialog asking me to confirm the installation. I have also made sure that Messenger wasn't already installed before.
Im using a Poco F2 Pro running Android 10 (Miui 12). I observed the same behaviour on different devices. What kind of magic is used by Facebook here?
451
To install or update the Messenger app for Android, go to the Google Play store. You can try the following options if you're having trouble downloading or updating your Messenger app: Make sure you have a strong Wi-Fi or mobile data connection.
In August, Facebook finally pulled the plug on messages within the main Facebook app, forcing users instead to download its separate Messenger app.
The Messenger app is a separate app to Facebook. However, users' profiles can be set using their Facebook account or telephone number.
How to Install Facebook Messenger on iPhone 1 Open the App Store on your iOS device. 2 Tap the "Search" tab at the bottom of the screen. 3 Search for "Messenger". 4 Tap "GET" next to the "Messenger" app. 5 Tap "INSTALL" to begin installing the app. 6 Launch Facebook Messenger after downloading it. 7 Sign into Facebook Messenger. See More....
Even though Messenger is easily accessible through the Messenger website, your Facebook account on your computer, and the mobile apps, you can install add-ons in some browsers that are designed to make it even easier to use. These add-ons are not official Facebook apps.
For example, Firefox users can install the Messenger for Facebook add-on to put Messenger on the side of their screens and use it while on other websites, in a split-screen fashion. At its core, Messenger is a texting app for both one-on-one and group messaging, but it can also send images and video.
Wait for the app to download. This may take a few minutes. Depending on your Play Store settings, you may need to be connected to a Wi-Fi network in order to download the app. Launch the Messenger app. You can find it on one of your Home screens or in your App Drawer. You can also tap the "Open" button on the Messenger store page.
If you allow it to install, and check the app settings for messenger afterwards, you'll most likely (depending on version and device) see at the very bottom what app installed it. On my devices, it says something like this:
Now this is key: Notice that it's not saying Google Play, nor Facebook itself. It mentions "Facebook App Installer".
So what is this? Well, go into Settings > Apps to look for it. More than likely, you'll find 2 apps here; "Facebook App Installer" (com.facebook.system), and "Facebook App Manager" (com.facebook.appmanager).
Now, it seems that these two apps come preinstalled on a lot of android devices (most?), and they are responsible for installing updates to the Facebook and Facebook messenger app. I haven't decompiled these and dug into them just yet, but the fact that "Facebook App Installer" is listed as the installer of all Facebook related apps, and the fact that Facebook App Installer comes preinstalled should tell you all you need to know to answer the question here of how Facebook circumvents the permission requests to install messenger.
For the sake of completeness I'll also mention
Settings > Apps > Special access > Install unknown apps).View network connections, prevent phone from sleeping, measure app storage space, run foreground service, run at startup, have full network access, download files without notification, view Wi-Fi connections. Nothing really surprising here.So to summarize. There's preinstalled apps on your phone. All things related to Facebook are installed and managed through these two apps instead of through the usual channels.
Due to the nature of Facebook there's quite a bit of speculation and hearsay essentially accusing these apps of data-collection on devices and other various nefarious purposes.
Searching for these didn't really give me a lot of information: But they are nonetheless discussed on the following links. Please note that most of these links link to community content, and so they tend to contain a lot of Facebook paranoia and sensationalism.
https://www.facebook.com/help/android-app/812681095504818 This link is facebooks own help-page that briefly mentions these apps in passing in describing how to disable facebook app updates.
https://support.google.com/android/thread/25263840?hl=en It's also mentioned briefly here, on a support thread on Google Community Android Help.
https://forum.xda-developers.com/tmobile-lg-v10/help/suspicious-apps-apps-section-facebook-t3415876 Briefly talks about how to remove (seems you must root your phone to truly get rid of this). It also links to https://www.theregister.com/2018/05/22/facebook_data_leak_no_account/ which seems to speculate that these two apps collect data from device even when the Facebook app (and messenger) isn't installed on device. Meanwhile https://thenextweb.com/finance/2019/01/09/no-samsung-isnt-pre-installing-facebook-on-your-phone/ says the reverse thing; that these two apps does not collect any information on their own.
199
You can add more than one shortcut for a single APK to the application draw using the manifest file. I imagine Facebook have used this to spoof that there are two applications.
<activity android:name=".FacebookActiviy">
<intent-filter>
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category.LAUNCHER" />
</intent-filter>
</activity>
<activity android:name=".FacebookMessengerActivity">
<intent-filter>
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category.LAUNCHER" />
</intent-filter>
</activity>
Are there two APKs on the device, or just one? You can see the full list of actual APKs using ADB:
adb shell pm list packages -f
This will probably display a lot (maybe 100 or so) apps, but you can search the results for Facebook to see how many APKs they've actually installed. If I'm correct there will only be one.
31
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
