The Facebook app’s internal infrastructure makes it a giant data extraction medium, often exploiting the users unknowingly. Standing on this premise, this research examines the Manifest file of the app and relevant Application Programming Interfaces (APIs) embedded in its Software Development Kits (SDKs) and undertakes a tracker analysis of the app using the Exodus tool. The article shows that the reviewed version of the Facebook app has 59 permission requests in the SDKs. Later, it critically analyses the notion of ‘permission’ concerning the network infrastructure and device affordances of the app. The article raises an important question: Can the users (really) ‘permit’? The article suggests that such innovative methods and approaches undertaken in this research can inform more effective policies to regulate platforms like Facebook by safeguarding users’ privacy.