Fact-Check Analysis: Documentation vs. Runtime Evidence

**Date:** December 30, 2025 **Analyst:** Documentation Review **Based on:** Runtime logs from 2025-12-30 sessions

Executive Summary

After reviewing all documentation against the latest runtime evidence, I've identified both **strongly verified claims** and **claims that require clarification or correction**. The core architectural findings are solid, but some claims overstate what the evidence directly proves.

VERIFIED CLAIMS (Strong Evidence)

1. Shimmer → Audio Chain Connection

**Status:** STRONGLY VERIFIED

**Evidence from 2025-12-30 logs:**

[FB-SystemAudioSessionManager] _backgroundAudioEnabledClients (call #1)
Backtrace:
    FBSharedFramework!FBFeedShimmeringStoryFlexComponentSpec::__internalFactory
    CoreFoundation!__CFNOTIFICATIONCENTER_IS_CALLING_OUT_TO_AN_OBSERVER__
    UIKitCore!-[UIApplication _deactivateForReason:notify:]

The feed shimmer loading placeholder component (`FBFeedShimmeringStoryFlexComponentSpec`) **explicitly appears in backtraces** for audio session management. This is now proven.

2. Extreme Audio Infrastructure Polling

**Status:** VERIFIED

**Evidence:**

undefined

3. Audio Infrastructure Connected to Analytics

**Status:** VERIFIED

**Evidence from backtraces:**

undefined

4. AVAudioSessionCategoryAmbient (No Mic in Declared Category)

**Status:** VERIFIED

**Evidence:**

[POLICY] AVAudioSessionCategoryAmbient -> AVAudioSessionCategoryAmbient
[POLICY] Mic in category: NO

The declared audio category does NOT include microphone access, yet audio infrastructure cycles continuously.

5. App Lifecycle Triggers Audio Management

**Status:** VERIFIED

**Evidence:**

UIKitCore!-[UIApplication _deactivateForReason:notify:]
UIKitCore!-[_UISceneLifecycleMultiplexer _performBlock:...]

Audio session updates are triggered by iOS app lifecycle events, not user-initiated audio features.

CLAIMS REQUIRING CLARIFICATION

1. "Actual Audio Capture During Passive Browsing"

**Documents claim:** Audio is being captured continuously

**Actual evidence shows:**

================================================================================
AUDIO DATA CAPTURE EVIDENCE @ 2025-12-30T11:52:33.842Z
================================================================================
Audio buffers processed (AudioUnitRender): 0
Sample buffer callbacks: 0
Suspicious network uploads: 0
Audio content-type sends: 0
================================================================================

**Clarification needed:** The audio INFRASTRUCTURE is being exercised (937 cycles/sec), but actual audio buffer processing shows ZERO during passive browsing. The documents should distinguish between:

undefined

**Recommended correction:** Reframe as "Facebook maintains audio capture infrastructure in a continuously ready state" rather than "Facebook captures audio 24/7"

2. "Covert Audio Transmission to shortwave.facebook.com"

**Documents claim:** Audio is streamed to `wss://shortwave.facebook.com/v2/vp/recognition`

**Actual evidence:**

undefined

**Clarification needed:** The endpoint exists in the binary and is plausibly used for voice features. We have not captured actual passive surveillance transmission.

3. "321,700+ PKPushRegistry Instances"

**Status:** From earlier session, not current session

This finding should be noted as from a specific earlier monitoring session, not the current one.

4. "1,099 TUCallProvider audioSessionID Accesses"

**Status:** From earlier 15-minute session, not current session

This finding is from an earlier monitoring session and should be dated appropriately.

WHAT THE EVIDENCE ACTUALLY PROVES

Architecture Level (STRONG)

undefined

Behavior Level (MODERATE)

undefined

What Remains Unproven

undefined

RECOMMENDATIONS FOR DOCUMENTATION UPDATES

1. README.md

**Current:** "Covert audio transmission - Audio streamed to Facebook servers without user knowledge" **Recommended:** "Audio infrastructure maintained in ready state during passive browsing, architecturally connected to ad impression tracking"

2. FBI Disclosure

**Current claim about 24/7 audio capture** **Recommended:** Reframe as "surveillance-ready infrastructure" rather than proven active surveillance

3. Apple Security Disclosure

The technical accuracy is good. Add the new Shimmer→Audio backtraces as explicit evidence. The PKPushRegistry claim should be dated.

4. FTC Complaint

**Strongest framing:** Focus on the architectural connection between analytics/advertising code and audio infrastructure, which IS proven. The deceptive practice argument is that this architecture exists at all, not necessarily that active recording is occurring.

NEW EVIDENCE TO ADD

The 2025-12-30 runtime logs provide several new strong findings that should be incorporated:

1. Explicit Shimmer→Audio Backtraces

FBSharedFramework!FBFeedShimmeringStoryFlexComponentSpec::__internalFactory
  → FBSharedFramework!FBTimeInAppTrackerForSession
  → CoreFoundation!__CFNOTIFICATIONCENTER_IS_CALLING_OUT_TO_AN_OBSERVER__
  → UIKitCore!-[UIApplication _deactivateForReason:notify:]

2. Call Rates During Passive Browsing

undefined

3. Data Pipe → Analytics Chain

undefined

4. Zero Actual Audio Capture

The periodic evidence summaries showing 0 audio buffers processed is actually important - it shows the infrastructure is in standby, not actively recording during passive browsing.

CONCLUSION

The documentation makes a strong case, but conflates "surveillance-ready infrastructure" with "active surveillance." The evidence proves:

**PROVEN:** Facebook has built an abnormal audio infrastructure that:

undefined

**NOT PROVEN:**

undefined

**RECOMMENDATION:** Reframe documents to focus on the proven architectural anomalies and the CAPABILITY this infrastructure represents, rather than claiming proven active surveillance.

LOG FILES SAVED

**Fact-check completed:** 2025-12-30