Facebook Android app collected phone numbers even if users never logged in
Facebook recently invited volunteers to beta test updates to its Android app and apparently it collected the phone numbers of everyone who launched said application.
Facebook security and privacy issues are hardly news anymore, but the newest one tops it all: the Android app collected phone numbers even if users didn't log in or have an account. Just in case it's not clear, the phone numbers went back to Facebook's servers without any user permission. The social networking company claims it deleted all of those numbers, but why did it collect them to begin with?
Security company Symantec discovered the bug following an update to its Norton Mobile Security app for Android and blew the whistle in a recent announcement. Since then, Facebook confirmed to ReadWrite that it did indeed collect the phone numbers of its app volunteers, but the latest (beta) version of the app fixed the bug that allowed this to happen.
"Mobile Insight automatically flagged the Facebook application for Android because it leaked the device phone number," writes Symantec. "The first time you launch the Facebook application, even before logging in, your phone number will be sent over the Internet to Facebook servers."
"You do not need to provide your phone number, log in, indicate a specific action, or even need a Facebook account for this to happen," the company further explains. "According to Google Play, hundreds of millions of devices have installed the Facebook application and a significant portion of those devices are likely affected."
It was only last week that Facebook was responsible for another privacy breach. In that case, the social networking company exposed the contact information of no less than 6 million users, sharing their email addresses and phone numbers with other Facebook users. That issue is apparently not related to this one.
"We did not use or process these numbers in any way, and have already deleted them from our servers," Facebook spokesman Derick Mains told ReadWrite in regards to the latest privacy snafu.
As the publication further notes, one question still lingers: If the fix is only for the beta version of the next Facebook for Android app, does this mean that current users of the regular, non-beta version have their numbers collected and stored? Mains said the company didn't store any more numbers since it learned of the bug, as it now deletes them right away. The fix should be a part of the full-scale release of Facebook's next Android update on July 8.