I was going to say this isn’t a big deal but copying and uploading the libraries is actually illegal (copyright violation) and users likely can’t even consent to this even if it is in the Facebook ToS as many android phones contain proprietary libraries not licensed for redistribution.
The creators of those various libraries should have a valid legal case against Facebook here, if they want to exercise it. I doubt any users are being harmed by this but it’s a violation of the software creator’s rights.
Some older android devices running newer lineage/AICP/etc builds include a few libraries I wrote (in their entirety) for compatibility of old vendor prebuilts with new android versions - libdgv1 & libdmitry. Maybe I should C&D FB for laughs?
Sure, by closed source I meant "not licensed under a typical open source license that gives you that right" rather than "I literally can't find the source via google".
Edit: CANCEL MY KNEE-JERK REACTION TO A KNEE-JERK REACTION! A few tweets down (good [deity] twitter is a terrible way to transmit information, this is why I don't generally bother with it) she does say the full library is sent.
--------------------
> copying and uploading the libraries is actually illegal (copyright violation)
That isn't what is happening here - the headline is misleading.
Further into the tweet (FFS, it is a tweet and people aren't reading it all before reacting!) it clearly says "It periodically uploads metadata of system libraries to the server".
Basically that means they are sending and storing what versions of what things you have, not the code or other data in the libraries themselves. I'm pretty sure there is no reasonably copyright on the name and version number of a library in this context.
If it is being done for fingerprinting purposes then there might be an unreasonable tracking claim by the users, but not the library copyright holders.
The less worrying explanation is that it is being used for problem analysis: if a new version crashes a lot but only on devices with a specific version of a specific library, that makes tracking down the bug and implementing a workaround or fix much quicker. Of course this is facebook so if it is for the issue analysis (which it almost certainly is) but can also be used for fingerprinting as well, you can bet your bottom dollar that it will be used for fingerprinting as well.
At first glance, the amount of damage being done is close to nil — even if they reverse engineer received files to steal trade secrets therein (lol), it is hard to pinpoint specific amount of harm, dealt to the copyright owners.
But actually... why are Facebook people doing that? If I were to wager a guess, Facebook needs those files to create exact copies of user systems to debug. In other words, they are trying to save up on buying real devices for their test lab! Using "pirated" copies of libraries to spin up testing VMs is most likely cheaper than owning lots of real smartphones with all available firmware versions. And also illegal.
I wonder if they gauged possibility of being sued for this along with possible legal expenses and found that it is still cheaper than buying those devices themselves.
In the US there is a legal doctrine called fair use, which limits the extent of copyright. There are a number of factors but one of the most relevant here is the purpose and character of the use. If you're using the work to create an analysis of it, that's often covered under fair use as it is not a simple reproduction of the original. (not legal advice).
There are numerous exceptions to the exclusive right to copy works of authorship, of which Fair Use is only one case, actually an "affirmative defence" (that is: not a preclusion to civil or criminal proceedings, but a defence which may be presented), based on a four-part test.
There are additional excemptions, including copying which is required in the normal use of software, and possibly other information, on electronic systems. Whether copying to a malware-scanning service may or may not be included in that, though it would seem a fair argument that it should be (transformative, doesn't impact market, does affect the whole work, purpose is constructive and not otherwise served, context is specific to the nature of the work).
Not under US Copyright law, but that's because you have a licence to the software which means you have the fair use right to take this security measure.
Absent a rather dubious user agreement allowing Facebook to copy all the data off your phone, Facebook does not have that fair use right. Nor is it likely even remotely ethical to be doing this without explicitly notifying the user. So, illegal and unethical, but I guess unless some PR firm is paying the news media to be outraged about it, they're not likely to care.
I seem to remember a case where files were being uploaded to a server where they were only retained in memory and that qualified as a copyright violation, but I'm having trouble actually finding it.
Note that there is an exception for such a copy when it’s necessary to run the program, I believe this exemption was added because otherwise running an executable on a personal computer would have been a copyright violation.
> a) Making of Additional Copy or Adaptation by Owner of Copy.— Notwithstanding the provisions of section 106, it is not an infringement for the owner of a copy of a computer program to make or authorize the making of another copy or adaptation of that computer program provided:
> (1) that such a new copy or adaptation is created as an essential step in the utilization of the computer program in conjunction with a machine and that it is used in no other manner, or
> (2) that such new copy or adaptation is for archival purposes only and that all archival copies are destroyed in the event that continued possession of the computer program should cease to be rightful.
Maybe in jurisdictions like the US, where the copyright lobby has been very effective in getting aggressive anti-piracy legislation with huge penalties enacted, the statutory damages alone could be astronomical? Since Facebook could still afford to pay them, it might also offer to settle for a very worthwhile sum without even the risk of going to court.
I'm generally not a fan of hugely disproportionate penalties for copyright infringement, but this isn't some normal person falling victim to opportunist lawyers engaging in a form of barratry, this is a huge company with its own legal team who should know better than to wilfully infringe copyright.
The creators of those various libraries should have a valid legal case against Facebook here, if they want to exercise it. I doubt any users are being harmed by this but it’s a violation of the software creator’s rights.