Once More Unto the Breach – Facebook Apps Can Now Access Your Address and Phone Number

By Akemi Iwaya on January 17th, 2011

Just when you thought things might have settled down, Facebook has once again taken a step that could put more of your personal information at risk. Going forward third party app developers will now have the opportunity to access your home address and mobile phone number information.

Photo by Facebook.

The first thing to keep in mind is that this access is not automatic…anyone installing an app will need to allow said app to access that information. So if you are someone who keeps their privacy settings locked down nicely and are careful about the apps that you install, then you should be fine.

The real problem comes in when you consider app developers who are unscrupulous and seek to spread malware and/or gather as much personal information as possible through trickery.

From the Sophos blog post: Facebook is already plagued by rogue applications that post spam links to users’ walls, and point users to survey scams that earn them commission – and even sometimes trick users into handing over their cellphone numbers to sign them up for a premium rate service.

Now, shady app developers will find it easier than ever before to gather even more personal information from users. You can imagine, for instance, that bad guys could set up a rogue app that collects mobile phone numbers and then uses that information for the purposes of SMS spamming or sells on the data to cold-calling companies.

The ability to access users’ home addresses will also open up more opportunities for identity theft, combined with the other data that can already be extracted from Facebook users’ profiles.

Now combine the unscrupulous app developers with people who do not take the time to think about the implications of installing questionable apps simply because they are in a hurry to start “enjoying” those shiny new apps. It is not a pleasant thought when you think of the number of people who may have their personal information compromised over this.

Many of us know someone who seems to attract trouble like a magnet due to unsafe internet practices. If you do, then pass this information on to them with the advice to be more careful. You just may save that person (or people) a lot of headaches later. And if you have not reviewed the settings in your Facebook account recently, then this is a good time to go back through and check them.

Something to keep in mind: Neither post mentioned how this is handled with apps already installed to user accounts, so you may be asked for permission by them going forward. There is also the possibility that if you already have an app installed, then permission is considered as “automatically” given.

Rogue Facebook apps can now access your home address and mobile phone number (Naked Security Sophos Blog) [via Graham Cluley]

You can see the original Facebook blog post and examples of the JavaScript SDKs here:

Platform Updates: New User Object fields, Edge.remove Event and More

Akemi Iwaya is a devoted Mozilla Firefox user who enjoys working with multiple browsers and occasionally dabbling with Linux. She also loves reading fantasy and sci-fi stories as well as playing "old school" role-playing games. You can visit her on Twitter and .

  • Published 01/17/11
More Articles You Might Like

Enter Your Email Here to Get Access for Free:

Go check your email!