How is Facebook not considered spyware?
Very Simple, Facebook IS spyware.
It is also "Consensual" spyware...yeah, it's spying on you, but you agreed to it (even if you didn't read the agreement before checking the "I Agree" box), and it is probably safe to say, you 'enjoyed' the benefits of it, so most people (still) aren't really complaining about it.
As the public's understanding of just how invasive Facebook has become people are coming to terms with what they will and will not accept.
For the most part what it really comes down to is that Facebook is paying attention to what you do in order to target you with advertising for things you will like and to 'grow' it's network.
Think of it this way, if you like, for decades advertisers choose where to place beer commercials, dish soap ads, and other products based on who they thought would be watching TV. There are more beer commercials on CBS during a football game than on ABC during the news (though sometimes the news might make you reach for a beer...but I digress). Facebook has taken this to a new level.
For my part I am pleased that I don't get bombarded with feminine hygiene ads, but do get ads, and even coupons and invitations to events where the food, music and activities are more likely to be 'to my liking'.
More recently, however, Facebook has gotten into more 'censorship'... and IMHO that is bothersome. How much so? each Facebook user will have to decide for themselves. When you walk into the "mall" that is owned by Zuckerberg he does get to decide the rules...if you don't like them, you can always leave. But yes, he is watching.
Android has a detailed model for app permissions (and so does iOS as far as I know). The FB messenger on my phone has access to my camera, location, microphone and storage (Note the absence of texts, contacts, appointments, etc.). The app probably asked me to import my contacts at some point and I politely declined. Similarly, my OS will notify me when an app is actually using my location.
The difference with spyware: It doesn't ask, it doesn't tell. Now if the messenger app circumvented Android's permission model to grab my data, that would be a whole different story, but it doesn't. Don't opt-in to sharing your data if you don't want to share it.
Spyware is a term, which is used very seldom in the context of mobile apps. The main reason seems to be, that since the start of the mobile ecosystem the thing you call spyware (and what would be detected as spyware by PC virus scanners) is very common and quite accepted by users,app store owners and even phone manufacturers, which sometimes preinstall such apps.
If you log your network traffic and use Tools like XPrivacy on android, you will see that at least every second normal app accesses data like
- Android Serial (almost every app)
- SIM Serial
- Line1Number
- MAC address
- WifiScanResults (SSIDs)
- AdvertisingID (in the bought pro version of the app)
and many more which are not fully restricted by the standard permission management or included in a broad category which really is necessary for other functions of the app. In addition many apps sneak in permissions like GPS (some provide location based functions, others just ask anyway) and use it when you do not use location based functions (as seen using XPrivacy). There are reports (hard to verify) that some apps use a thirdparty wifi location api to avoid asking for the location permission and still locating the user.
The next thing are tracking services. I.e. every unity game connects to stats.unity3d.com before you see the first screen of the game. Many apps even without any facebook integration connect to graph.facebook.com and many se crashlytics.com which is contacted on the app start even if the app never crashed. There are some more analytics and advertising addresses which are often requested even in the advertisment free pro versions of apps.
When you now want to apply the PC definition of spyware, the app store is suddenly almost empty. This is also true for facebook and I believe the Facebook App is a very data hungry one, but it's still not uncommon.
On the other hand seems Whatsapp (by Facebook) to be quite humble and "only" access the contacts, where there is some justification by their model of a contact list. While you may not like the model and may suspect data collection on their servers it's obvious that they need the access if they do not want to restructure the complete app.
So what is the conclusion? The mobile app universe has different privacy standards, probably because it has many users who do not know what's happening, do not know why it may be dangerous and do not care about it.
And as the environment was created when these users where the main consumers it could grow this way while the PC ecosystem was created when users cared about what's happening in the background and were more tech savvy.
On the other hand, the PC users start to care less as well. When Windows 98 introduced an online update function people complained about windows sending data about their PC hardware to Microsoft. Now have a look at Windows 10 and what you need to do to stop it from phoning home. And ads in different windows applications and much more which were not possible back in the days.
So the answer is: The people who do not consider the Facebook app to be spyware are the people who do not consider Facebook to spy on them. Either they do not consider the data private or they trust facebook.
Some do not know what's happening, but most people which heard what Facebook is doing either said they have nothing to hide, its only Facebook and not their neighbor who can see the data, or that Facebook has the data anyway.