Facebook hands out users' mobile numbers and addresses
By Barry Collins
Posted on 17 Jan 2011 at 07:32
Facebook is giving app developers access to users' mobile phone numbers and home addresses, raising fears that the data could easily fall into the wrong hands.
The social-networking site has been plagued with so-called "rogue apps" that trick users into handing over personal data based on false promises - such as being able to see which people have looked at their profile.
Now applications will be able to specifically request access to users' mobile phone numbers and home addresses, according to the Facebook Developers blog.
Security experts fear that many people will be hoodwinked into handing over the data. "I realise that Facebook users will only have their personal information accessed if they 'allow' the app to do so, but there are just too many attacks happening on a daily basis which trick users into doing precisely this," said senior technology consultant, Graham Cluley, writing on security firm Sophos's Naked Security blog.
"Shady app developers will find it easier than ever before to gather even more personal information from users," Cluley added. "You can imagine, for instance, that bad guys could set up a rogue app that collects mobile phone numbers and then uses that information for the purposes of SMS spamming or sells on the data to cold-calling companies."
Cluley recommends that users remove their mobile phone number and address from their Facebook profile to prevent rogue applications gaining access to the data.
He also questions whether Facebook should be so willing to hand such sensitive data to all-comers. "You have to ask yourself - is Facebook putting the safety of its 500+ million users as a top priority with this move?" he asks.
"Wouldn't it better if only app developers who had been approved by Facebook were allowed to gather this information?
"It won't take long for scammers to take advantage of this new facility, to use for their own criminal ends."
Facebook claims adequate safeguards are in place for user data. "On Facebook you have absolute control over what information you share, who you share it with and when you want to remove it," the company claims in a statement.
"Developers can now request permission to access a person’s address and mobile phone number to make applications built on Facebook more useful and efficient. You need to explicitly choose to share your data before any app or website can access it and no private information is shared without your permission.
"As an additional step for this new feature, you're not able to share your friends' address or mobile information."
From around the web
Why?
For what possible reason does an app need this sort of info?
Other than gathering numbers for marketing spam...
Really odd move by the FaceBook team.
- Cue a list of posts saying that they don't use Facebook...
By greemble on 17 Jan 2011 
As the trend continues into 2011 for cybercriminals to use popular online trends to trick users into revealing personal information http://bit.ly/i71bId it is necessary for users to be aware of such 'rogue' apps. Particularly when there are a number of young users online who may be naive to these actions, Facebook surely has an obligation to protect its vast number of members.
By Juliette_msc on 17 Jan 2011
I don't use facebook ;-)
By edgayton on 17 Jan 2011
Good suggestion
On Graham Cluley's updated blog, an excellent suggestion has been made:
"Chris Miller
Since Facebook will now let apps access your address & number, I have set my no. to 650-543-4800 (FB Customer Service)"
By greemble on 17 Jan 2011
I don't use facebook ;-)
By edgayton on 17 Jan 2011
Don't USe Your Real Identity
I use made up details of facebook. No real contact details. You need to protect your identity on-line because of things like this. Even allegedly legitimate company sell your details to scammers.
Only my real friends know my details.
By Manuel on 17 Jan 2011
I don't use Facebook
I don't use Facebook.
By CraigieDD on 17 Jan 2011
Seeing as the "find out who looked at your profile" line and its variants are so common and persistent, perhaps the screen where you agree to handover your details (which is designed by Facebook and totally under their control) could specifically state that applications cannot tell who looked at your profile with a button to "Block and Report" the app if it is claiming to do so.
I'm sure the Facebook designers can find a way to do that in an intuitive, consistent and simple manner, just like the rest of Facebook is intuitive, consistent and simple - oh hang on, that's not right is it?
By halsteadk on 17 Jan 2011
Now we know why Facebook is valued at $50bn
I guess this is the price Zuckerberg has had to pay for all that money being pumped into the company...
By Penfolduk01 on 17 Jan 2011
What is Facebook??
By vikarmo on 18 Jan 2011
update your details
Long ago i noticed a slow increase in Facebook sourced spam and junk arriving at my e-door. I looged on to fb and changed my details to bogus ones - bingo stopped.
By glitter12 on 18 Jan 2011
advertisement
- Laptop bag reviews: nine tested
- Sony VAIO T Series Ultrabook review: first look
- Revealed: the military standards and robots HP uses to test its laptops
- Windows 8: multi-monitors and double standards?
- Why is TalkTalk's year-old porn filter suddenly big news?
- Why are laptop screens so far behind mobiles?
- HP EliteBook Folio review: first look
- The shoebox-sized all-in-one printer
- Forget the Ultrabook: here comes the HP Sleekbook
- HP Spectre XT review: first look
- Why you have to be left in the dark on OS patches
- Publishing your email address isn't a security disaster
- Why antivirus is fighting a losing battle in your office
- Four year olds used to steal their parents' data
- An acceptable use policy for your kids
- Paying for your crimes with Bitcoin
- Pavement hacking: What it is and how to avoid it
- Google's risky pre-loaded pages
- Mac under attack: how secure is Apple's OS?
- Has your browser been hijacked?
advertisement
