New Android News

  • Become a Fan!

Facebook for Android Application Collects Phone Numbers Without Permission

Posted In News - By DailyAndroidNews on Saturday, June 29th, 2013 With No Comments »

Facebook has been inadvertently collecting phone numbers belonging to people who download the site’s Android application — even if they aren’t members of the social network, don’t ever sign into the app or don’t explicitly share their cell phone number.

Mark Zuckerberg

The bug was reported by a security software provider Wednesday and has been confirmed by Facebook, which noted the problem will be addressed in the forthcoming version of the app. A Facebook spokesman said the company believes the technical flaw was introduced in February of this year.

Symantec, the software provider, announced in a blog post that its mobile security software, which looks for apps that could pose privacy risks, found that Facebook’s Android app had been “leaking” the phone number of Android devices on which it was installed. A Symantec spokesman told The Huffington Post that any Android smartphone running the buggy Facebook app was affected by the flaw and could have had its phone number uploaded to Facebook’s servers.

“The first time you launch the Facebook application, even before logging in, your phone number will be sent over the Internet to Facebook servers,” Symantec’s blog post said. “You do not need to provide your phone number, log in, initiate a specific action, or even need a Facebook account for this to happen.”

Facebook’s spokesman told The Huffington Post that the social network did not “use or process the numbers in any way,” and said they had been deleted from Facebook’s servers.

“This was a bug in the Facebook for Android app, and we thank Symantec for bringing it to our attention,” Facebook spokesman Derick Mains told The Huffington Post in an email. “We’ve fixed it in the next version of the app, which is available for anyone to download as a beta today.”

Symantec estimated in its blog post that a “significant portion” of the “hundreds of millions of devices” on which Facebook’s Android app have been installed were affected by the bug. Mains said that because Facebook deleted the collected phone numbers after being notified of the bug, it could not estimate how many people were affected or numbers were collected.

“Based on my understanding, the bug would have been found on any version of the [Facebook] Android application that’s out there, for any device it runs on,” said Satnam Narang, a security response manager with Symantec.

This article has been updated to include additional information from Symantec and comment from a Facebook spokesman.

Leave a comment

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Your Content Goes Here