Spyware is a term, which is used very seldom in the context of mobile apps. The main reason seems to be, that since the start of the mobile ecosystem the thing you call spyware (and what would be detected as spyware by PC virus scanners) is very common and quite accepted by users,app store owners and even phone manufacturers, which sometimes preinstall such apps.
If you log your network traffic and use Tools like XPrivacy on android, you will see that at least every second normal app accesses data like
- Android Serial (almost every app)
- SIM Serial
- Line1Number
- MAC address
- WifiScanResults (SSIDs)
- AdvertisingID (in the bought pro version of the app)
and many more which are not fully restricted by the standard permission management or included in a broad category which really is necessary for other functions of the app. In addition many apps sneak in permissions like GPS (some provide location based functions, others just ask anyway) and use it when you do not use location based functions (as seen using XPrivacy). There are reports (hard to verify) that some apps use a thirdparty wifi location api to avoid asking for the location permission and still locating the user.
The next thing are tracking services. I.e. every unity game connects to stats.unity3d.com
before you see the first screen of the game. Many apps even without any facebook integration connect to graph.facebook.com
and many se crashlytics.com
which is contacted on the app start even if the app never crashed. There are some more analytics and advertising addresses which are often requested even in the advertisment free pro versions of apps.
When you now want to apply the PC definition of spyware, the app store is suddenly almost empty. This is also true for facebook and I believe the Facebook App is a very data hungry one, but it's still not uncommon.
On the other hand seems Whatsapp (by Facebook) to be quite humble and "only" access the contacts, where there is some justification by their model of a contact list. While you may not like the model and may suspect data collection on their servers it's obvious that they need the access if they do not want to restructure the complete app.
So what is the conclusion? The mobile app universe has different privacy standards, probably because it has many users who do not know what's happening, do not know why it may be dangerous and do not care about it.
And as the environment was created when these users where the main consumers it could grow this way while the PC ecosystem was created when users cared about what's happening in the background and were more tech savvy.
On the other hand, the PC users start to care less as well. When Windows 98 introduced an online update function people complained about windows sending data about their PC hardware to Microsoft. Now have a look at Windows 10 and what you need to do to stop it from phoning home. And ads in different windows applications and much more which were not possible back in the days.
So the answer is: The people who do not consider the Facebook app to be spyware are the people who do not consider Facebook to spy on them. Either they do not consider the data private or they trust facebook.
Some do not know what's happening, but most people which heard what Facebook is doing either said they have nothing to hide, its only Facebook and not their neighbor who can see the data, or that Facebook has the data anyway.