Contact Us

Facebook Apps: Access To Numbers, Addresses

Awesome. Another reason to check privacy settings. A lot. -MichelleFacebook's Mark Zuckerberg

Facebook recently announced that it is making user phone numbers and addresses available to developers, a move that a security expert said “could herald a new level of danger” for Facebook members.

Facebook isn’t just releasing this information into the wild; it’s adding it to the company’s “User Graph object,” or the permissions required to install an app.

“Because this is sensitive information, we have created the new user_address and user_mobile_phone permissions,” Facebook wrote in a blog post. “These permissions must be explicitly granted to your application by the user via our standard permissions dialogs.”

Facebook said the permissions only provide access to a user’s address and mobile phone number, not their friend’s addresses or mobile phone numbers.

Before installation, Facebook apps currently display a permissions-based menu that informs users what type of information the app is accessing. Going forward, users will be informed when the app accesses their phone numbers or addresses.

Sophos’s Graham Cluley, however, said that even though the information will only be accessible when a user gives permission, “there are just too many attacks happening on a daily basis which trick users into doing precisely this.”

“Facebook is already plagued by rogue applications that post spam links to users’ walls, and point users to survey scams that earn them commission – and even sometimes trick users into handing over their cellphone numbers to sign them up for a premium rate service,” Cluley wrote in a blog post.

Cluley suggested that scammers could set up a rogue app that collects mobile phone numbers and then uses that information to send SMS spam or sell the data to cold-calling companies.

Cluley wrote that only Facebook-approved app developers should be able to request this information or that app developers ask for the data rather than automatically grabbing it. In the meantime, he wrote, users should delete their phone numbers and addresses from their profile information.

Last year, there were reports that Facebook user IDs were being sent to third parties. Facebook initially proposed encryption as a possible workaround, but later opted to embed a user ID in a HTTP POST body, which means it will not be exposed in any HTTP referrer header at all; encrypted or not.

via Facebook Apps Allowing Access to Numbers, Addresses | News & Opinion |

Best of KMMS FM

Recommended For You

Best of the Web

Leave a Comment

It appears that you already have an account created within our VIP network of sites on . To keep your personal information safe, we need to verify that it's really you. To activate your account, please confirm your password. When you have confirmed your password, you will be able to log in through Facebook on both sites.

Forgot your password?

*Please note that your prizes and activities will not be shared between programs within our VIP network.

It appears that you already have an account on this site associated with . To connect your existing account just click on the account activation button below. You will maintain your existing VIP profile. After you do this, you will be able to always log in to using your original account information.

*Please note that your prizes and activities will not be shared between programs within our VIP network.

Please fill out the information below to help us provide you a better experience.

(Forgot your password?)

Not a member? Sign up here

Sign up for Moose Prize Closet quickly by connecting your Facebook account. It's just as secure and no password to remember!

Sign up to have exclusive Moose Prize Closet contests, events, coupons, presales, and much more delivered to you for FREE.