Facebook has been inadvertently collecting phone numbers belonging to people who download the site’s Android application -- even if they aren’t members of the social network, don’t ever sign into the app or don’t explicitly share their cell phone number.
The bug was reported by a security software provider Wednesday and has been confirmed by Facebook, which noted the problem will be addressed in the forthcoming version of the app. A Facebook spokesman said the company believes the technical flaw was introduced in February of this year.
Symantec, the software provider, announced in a blog post that its mobile security software, which looks for apps that could pose privacy risks, found that Facebook’s Android app had been “leaking” the phone number of Android devices on which it was installed. A Symantec spokesman told The Huffington Post that any Android smartphone running the buggy Facebook app was affected by the flaw and could have had its phone number uploaded to Facebook's servers.
“The first time you launch the Facebook application, even before logging in, your phone number will be sent over the Internet to Facebook servers,” Symantec's blog post said. “You do not need to provide your phone number, log in, initiate a specific action, or even need a Facebook account for this to happen.”
Facebook's spokesman told The Huffington Post that the social network did not "use or process the numbers in any way," and said they had been deleted from Facebook’s servers.
“This was a bug in the Facebook for Android app, and we thank Symantec for bringing it to our attention,” Facebook spokesman Derick Mains told The Huffington Post in an email. “We've fixed it in the next version of the app, which is available for anyone to download as a beta today."
Symantec estimated in its blog post that a "significant portion" of the "hundreds of millions of devices" on which Facebook's Android app have been installed were affected by the bug. Mains said that because Facebook deleted the collected phone numbers after being notified of the bug, it could not estimate how many people were affected or numbers were collected.
This article has been updated to include additional information from Symantec and comment from a Facebook spokesman.
Earlier on HuffPost:
You Luv 'Call Me Maybe'
Remember when you were having that <em>really bad</em> day and blasted Carly Rae Jepsen's "Call Me Maybe" 23 times on Spotfiy? Yeah... well, we witnessed that low moment via your Facebook profile's ticker, the real-time mini feed located in the upper right hand corner of Facebook pages. If you don't want to share your (possibly embarrassing) musical preferences with your Facebook friends, make sure to turn off the "Share to Facebook" button (at the top right of your Spotify desktop app).
You Can't Resist Clicking On Sketchy, Sexy Video Links
Some Facebook apps, like Socialcam, are designed to make you click on content by using sleazy, eye-catching headlines. "Socialcam's 'trending' videos read like a bunch of crossovers between the 'American Pie' franchise and 'Jackass,'" <a href="http://www.washingtonpost.com/socialcams-so-sleazy-its-insightful/2012/06/05/gJQAor3FGV_story.html" target="_hplink">The Washington Post wrote</a> in June. If you're a SocialCam user, remember that the spam-like titles of videos you view automatically pop up on your profile, so your friends all might know when you've watched "CraZy ThReeSom!" or "Two Wasted Chicks" last week.
You Can't Get Enough Sideboob In Your News
Glancing at a juicy article on how Miley Cyrus <a href="http://www.huffingtonpost.com/2012/05/22/miley-cyrus-side-boob-actress-sex-scenes-losing-virginity_n_1536026.html" target="_hplink">flashed some sideboob</a>? While this wouldn't phase some Facebook users, others would prefer not to have anything with the word "sideboob" published on their profiles or in friends' News Feeds. Facebook's social reader apps track the articles you read, and with permission you grant when first downloading the app, then post the stories automatically to your wall. So be wary of those scandalous headlines promising half-naked pictures.
How Old You Are
Some people love getting birthday wishes via Facebook. But putting your your full date of birth on any social networking site means strangers are privy to information that can be used to steal your identity. If you want to keep your birthday up online, consider taking the safe route and nix the year.
You Went Out Boozin' Every Night Last Week
Friends or apps can now tag your location via Facebook. But maybe you don't want everyone to know you're visiting that neighborhood dive bar for the fourth night this week. "There isn't a specific setting to block people from tagging you in a post that includes a location," <a href="https://www.facebook.com/help/location/privacy" target="_hplink">Facebook's site reads</a>. This means if you don't want your whereabouts known, you'll have to change your Timeline setting to approve all tags before they're posted, or manually remove the tags once they've been published.
You Are Addicted To Artsy Pics Of Beaches And Breakfast Food
Photo-sharing app Instagram is relatively direct in telling you where your pictures are posted. But you might unknowingly be photo-spamming your friend's Facebook feeds by letting the app re-post every picture you "like" onto Facebook. And things could get a little dicey depending on <a href="http://www.huffingtonpost.com/2012/08/30/instagram-porn_n_1842761.html?utm_hp_ref=technology" target="_hplink">what types of images you view.</a> Luckily this feature is easy to change. Just go into the settings options on your Instagram app, click the "Share Settings" tab and turn off the setting that shares "Liked" photos to your Facebook timeline.
What Your Kids' Names Are
Tagging or naming younger children on Facebook can be a dangerous move. Similar to putting your full birthday on the interent, you could be offering up too much information and enabling a breach of privacy. "If your child isn't on Facebook and someone includes his or her name in a caption, ask that person to remove the name," <a href="http://www.consumerreports.org/cro/magazine-archive/2010/june/electronics-computers/social-insecurity/7-things-to-stop-doing-on-facebook/index.htm" target="_hplink">Consumer Reports advises</a>.