
BLOG: Facebook's Android app snags your mobile number the moment you launch it

Ted Samson | July 1, 2013
Facebook says it will fix the issue, but the company is testing users' tolerance for poor data security.

If you've ever simply launched the Facebook app on your Android smartphone, Facebook may have collected your phone number, according to an alert from Symantec. This marks the second time in two weeks that a security company has cited the social networking site for grabbing and storing contact info from people who may not even have Facebook accounts.

"The first time you launch the Facebook application, even before logging in, your phone number will be sent over the Internet to Facebook servers. You do not need to provide your phone number, log in, initiate a specific action, or even need a Facebook account for this to happen," according to Symantec's official blog.

Hundreds of millions of devices have installed the Facebook application, according to Symantec, and some devices come pre-installed with it; thus, a significant portion of Android devices are likely affected.

The news isn't going to help Facebook's reputation for being less-than-vigilant with its vast hoard of valuable user (and non-user) data. Security company Packet Storm revealed last week that for a year, Facebook was leaking potentially private contact information collected from users who uploaded their contact lists to the site. Packet Storm later criticized Facebook for understating the scope of the leak and for failing to alert nonusers who may have been affected.

Facebook has acknowledged the issue with the Android app and said it would fix it in the next release. The company claims that it neither used nor processed the phone numbers and has deleted them all from its servers. The company also said it has fixed the aforementioned "data leak" issue. But it's probably time for Facebook to revisit its data privacy policies, such as which data it collects and saves, or face user backlash.

This revelation also casts yet another shadow on the Google Play app store, which has garnered a reputation for housing insecure mobile wares. Notably, according to Symantec, Facebook for Android isn't the only mobile app in Google Play that's leaking user data. The company says the new version of its Norton Mobile Security software is capable of pinpointing which apps exhibit similarly risky behavior.

