Facebook hands out users’ mobile numbers and addresses
Facebook is giving app developers access to users’ mobile phone numbers and home addresses, raising fears that the data could easily fall into the wrong hands.
The social-networking site has been plagued with so-called “rogue apps” that trick users into handing over personal data based on false promises – such as being able to see which people have looked at their profile.
Now applications will be able to specifically request access to users’ mobile phone numbers and home addresses, according to the Facebook Developers blog.
Security experts fear that many people will be hoodwinked into handing over the data. “I realise that Facebook users will only have their personal information accessed if they ‘allow’ the app to do so, but there are just too many attacks happening on a daily basis which trick users into doing precisely this,” said senior technology consultant, Graham Cluley, writing on security firm Sophos’s Naked Security blog.
“Shady app developers will find it easier than ever before to gather even more personal information from users,” Cluley added. “You can imagine, for instance, that bad guys could set up a rogue app that collects mobile phone numbers and then uses that information for the purposes of SMS spamming or sells on the data to cold-calling companies.”
Cluley recommends that users remove their mobile phone number and address from their Facebook profile to prevent rogue applications gaining access to the data.
He also questions whether Facebook should be so willing to hand such sensitive data to all-comers. “You have to ask yourself – is Facebook putting the safety of its 500+ million users as a top priority with this move?” he asks.
“Wouldn’t it better if only app developers who had been approved by Facebook were allowed to gather this information?
“It won’t take long for scammers to take advantage of this new facility, to use for their own criminal ends.”
Facebook claims adequate safeguards are in place for user data. “On Facebook you have absolute control over what information you share, who you share it with and when you want to remove it,” the company claims in a statement.
“Developers can now request permission to access a person’s address and mobile phone number to make applications built on Facebook more useful and efficient. You need to explicitly choose to share your data before any app or website can access it and no private information is shared without your permission.
“As an additional step for this new feature, you’re not able to share your friends’ address or mobile information.”