Huffpost Technology

Facebook Android App Collects Phone Numbers Without Permission -- Even From Non-Members

Posted: Updated:
Print Article
MARK ZUCKERBERG
A bug in Facebook's Android app collects phone numbers without permission, an online security company reported Friday. (AP Photo/Jeff Chiu, File | AP

Facebook has been inadvertently collecting phone numbers belonging to people who download the site’s Android application -- even if they aren’t members of the social network, don’t ever sign into the app or don’t explicitly share their cell phone number.

The bug was reported by a security software provider Wednesday and has been confirmed by Facebook, which noted the problem will be addressed in the forthcoming version of the app. A Facebook spokesman said the company believes the technical flaw was introduced in February of this year.

Symantec, the software provider, announced in a blog post that its mobile security software, which looks for apps that could pose privacy risks, found that Facebook’s Android app had been “leaking” the phone number of Android devices on which it was installed. A Symantec spokesman told The Huffington Post that any Android smartphone running the buggy Facebook app was affected by the flaw and could have had its phone number uploaded to Facebook's servers.

“The first time you launch the Facebook application, even before logging in, your phone number will be sent over the Internet to Facebook servers,” Symantec's blog post said. “You do not need to provide your phone number, log in, initiate a specific action, or even need a Facebook account for this to happen.”

Facebook's spokesman told The Huffington Post that the social network did not "use or process the numbers in any way," and said they had been deleted from Facebook’s servers.

“This was a bug in the Facebook for Android app, and we thank Symantec for bringing it to our attention,” Facebook spokesman Derick Mains told The Huffington Post in an email. “We've fixed it in the next version of the app, which is available for anyone to download as a beta today."

Symantec estimated in its blog post that a "significant portion" of the "hundreds of millions of devices" on which Facebook's Android app have been installed were affected by the bug. Mains said that because Facebook deleted the collected phone numbers after being notified of the bug, it could not estimate how many people were affected or numbers were collected.

This article has been updated to include additional information from Symantec and comment from a Facebook spokesman.

Earlier on HuffPost:

7 Ways You Might Be Oversharing On Facebook
of
Share
Tweet
Advertisement
Share this
close
Current Slide

Suggest a correction

Around the Web

Android Users: Facebook Wants You to Test Its Latest App

How to sign up for Facebook's Android beta program

Facebook looking for beta-testers for its official Android app

Facebook plans a beta testing programme for its Android smartphone users

Facebook's Rapid Android App Schedule Makes Up For Facebook Home's Limp ...

Facebook's Android app getting public beta testing today

Facebook announces Android app beta testing program starting June 27th ...

 
From Our Partners