Facebook’s Android app has been collecting data on its users’ phone calls and texts outside of the platform, prompting privacy concerns from consumers who didn’t know just how far Facebook’s data collection efforts really go.

According to a report by Ars Technica, Facebook has been recording the data of its users’ phone calls and texts for a number of years.

“This past week, a New Zealand man was looking through the data Facebook had collected from him in an archive he had pulled down from the social networking site. While scanning the information Facebook had stored about his contacts, Dylan McKay discovered something distressing: Facebook also had about two years’ worth of phone call metadata from his Android phone, including names, phone numbers, and the length of each call made or received,” the news outlet reported. “This experience has been shared by a number of other Facebook users who spoke with Ars, as well as independently by us — my own Facebook data archive, I found, contained call-log data for a certain Android device I used in 2015 and 2016, along with SMS and MMS message metadata.”

Downloaded my facebook data as a ZIP file Somehow it has my entire call history with my partner's mum pic.twitter.com/CIRUguf4vD — Dylan McKay (@dylanmckaynz) March 21, 2018

Following the report, Facebook attempted to ease concerns from its users in a blog post, Sunday, where the company claimed news reports had been inaccurate.

“You may have seen some recent reports that Facebook has been logging people’s call and SMS (text) history without their permission. This is not the case,” claimed Facebook. “Call and text history logging is part of an opt-in feature for people using Messenger or Facebook Lite on Android. This helps you find and stay connected with the people you care about, and provides you with a better experience across Facebook. People have to expressly agree to use this feature.”

However, despite Facebook’s claims that users had to explicitly opt-in to the data collecting, Ars Technica noted that in several cases users had not.

“This contradicts the experience of several users who shared their data with Ars. Dylan McKay told Ars that he installed Messenger in 2015, but only allowed the app the permissions in the Android manifest that were required for installation,” Ars Technica explained. “He says he removed and reinstalled the app several times over the course of the next few years, but never explicitly gave the app permission to read his SMS records and call history.”

“In my case, a review of my Google Play data confirms that Messenger was never installed on the Android devices I used. Facebook was installed on a Nexus tablet I used and on the Blackphone 2 in 2015, and there was never an explicit message requesting access to phone call and SMS data,” they added. “Yet there is call data from the end of 2015 until late 2016, when I reinstalled the operating system on the Blackphone 2 and wiped all applications. While data collection was technically ‘opt-in,’ in both these cases the opt-in was the default installation mode for Facebook’s application, not a separate notification of data collection.”

Twitter users and celebrities threatened to boycott Facebook and delete their accounts in response to allegations of user data mishandling last week, which one former employee claimed was “horrifying” and routine at Facebook.

“We have a responsibility to protect your data, and if we can’t then we don’t deserve to serve you,” declared Facebook CEO Mark Zuckerberg response. “This was a major breach of trust, and I’m really sorry that this happened. We have a basic responsibility to protect peoples’ data.”