• ARTICLES
SEARCH

How-To Geek

Once More Unto the Breach – Facebook Apps Can Now Access Your Address and Phone Number

Just when you thought things might have settled down, Facebook has once again taken a step that could put more of your personal information at risk. Going forward third party app developers will now have the opportunity to access your home address and mobile phone number information.

Photo by Facebook.

The first thing to keep in mind is that this access is not automatic…anyone installing an app will need to allow said app to access that information. So if you are someone who keeps their privacy settings locked down nicely and are careful about the apps that you install, then you should be fine.

The real problem comes in when you consider app developers who are unscrupulous and seek to spread malware and/or gather as much personal information as possible through trickery.

From the Sophos blog post: Facebook is already plagued by rogue applications that post spam links to users’ walls, and point users to survey scams that earn them commission – and even sometimes trick users into handing over their cellphone numbers to sign them up for a premium rate service.

Now, shady app developers will find it easier than ever before to gather even more personal information from users. You can imagine, for instance, that bad guys could set up a rogue app that collects mobile phone numbers and then uses that information for the purposes of SMS spamming or sells on the data to cold-calling companies.

The ability to access users’ home addresses will also open up more opportunities for identity theft, combined with the other data that can already be extracted from Facebook users’ profiles.

Now combine the unscrupulous app developers with people who do not take the time to think about the implications of installing questionable apps simply because they are in a hurry to start “enjoying” those shiny new apps. It is not a pleasant thought when you think of the number of people who may have their personal information compromised over this.

Many of us know someone who seems to attract trouble like a magnet due to unsafe internet practices. If you do, then pass this information on to them with the advice to be more careful. You just may save that person (or people) a lot of headaches later. And if you have not reviewed the settings in your Facebook account recently, then this is a good time to go back through and check them.

Something to keep in mind: Neither post mentioned how this is handled with apps already installed to user accounts, so you may be asked for permission by them going forward. There is also the possibility that if you already have an app installed, then permission is considered as “automatically” given.

Rogue Facebook apps can now access your home address and mobile phone number (Naked Security Sophos Blog) [via Graham Cluley]

You can see the original Facebook blog post and examples of the JavaScript SDKs here:

Platform Updates: New User Object fields, Edge.remove Event and More

Akemi Iwaya (Asian Angel) is our very own Firefox Fangirl who enjoys working with multiple browsers and loves 'old school' role-playing games. Visit her on Twitter and .

  • Published 01/17/11

Comments (7)

  1. Seasider

    Surely anyone who puts that information on Facebook must want anyone to see it. I cannot see the point of filling out the contact information otherwise.

  2. AsianAngel

    @Seasider – There is a difference between putting the information on there for sharing with trusted people or for business purposes and what this could turn into. This has the potential to turn into a regular harvesting operation with the compiled databases being sold for profit or used for other purposes.

    There is absolutely NO reason why Facebook should be letting apps have access to that information period…it is not necessary for said apps to function. It strikes me as selling out the people who use Facebook in an attempt to “draw” in more developers and such who want access to that kind of information for their own purposes. Even if said apps are legit who needs more marketer calls and such related garbage?

    No…this should have never been allowed to happen in any form.

  3. indianacarnie

    I agree 100%!

    I’ve personally deleted my admittedly seldom used account over the privacy issues.

  4. sparrow

    this i saw coming when people are having so much fun they forget the security issue !!

  5. ezrider714

    Putting that information on Facebook to start with is just plain stupid,unless you want the world to see it.
    Don’t understand the bewilderment of some people

  6. Jason B.

    Article needs an update. As of 1/18, the Facebook Developer Blog is saying they have temporarily disabled the new feature until they can develop more robust privacy controls around it.

  7. i1patrick

    I don’t know why anyone inputs their REAL phone number or address in the first place. I’ve always entered fake info when filling out those fields. I can’t think of any reason I’d want FB or any similar site have access to my info like that.

    On the other hand, anyone who still has access to a paper phonebook can look up most people’s address and phone number. It’s just far less efficient to collect hundreds of thousands of people’s info.

Enter Your Email Here to Get Access for Free:

Go check your email!