Anti-virus software shows Facebook app stole Android users’ phone numbers without their consent

from The mobile anti-virus and anti-malware software produced by Norton
discovered that the Facebook application for Android was secretly
identifying users’ phone numbers and sending them to Facebook’s servers.

This news is especially interesting given Facebook’s role in the recently revealed National Security Agency (NSA) programs. Indeed, Martin Dempsey, chairman of the Joint Chiefs of Staff, reportedly met with Facebook executives to discuss the program.

Facebook also enjoys a cozy relationship with the intelligence community. The former chief security officer for Facebook left the internet giant for the NSA and the company quite clearly works with government as the latest leaks have shown.

A student group in Europe has also filed a complaint against Facebook over the handling of private data and last year a report revealed that Facebook was spying on smartphone users’ text messages.

In this latest instance of the violation of user privacy, Facebook’s
Android application leaked the user’s phone number even before logging

This happened the first time the user launched the Facebook
application and the number “will be sent over the Internet to Facebook

“You do not need to provide your phone number, log in, initiate a
specific action, or even need a Facebook account for this to happen,”

Norton said in an official post.

A “significant portion” of the hundreds of millions of people who
have installed the Facebook application were affected, according to
Norton, the makers of Symantec.

It’s worth noting that in the past, Symantec has published information on an intelligence gathering virus based on the U.S./Israeli-made Stuxnet worm and one Symantec researcher revealed that the U.S. targeted an Iranian nuclear research facility before it was built. However, last year Symantec also backed CISPA, a highly controversial piece of legislation.

Facebook told Norton that they “investigated the issue and will provide a fix in their next Facebook for Android release.”

“They stated they did not use or process the phone numbers and have deleted them from their servers,” Norton stated in the post.

Far more worrisome, however, is the fact that Norton says it is not the only application guilty of leaking private data.

“Unfortunately, the Facebook application is not the only application
leaking private data or even the worst,” the company said. “We will
continue to post information about risky applications to this blog in
the upcoming weeks.”

Google Play has a quite abysmal privacy history. Earlier this year it was reported that Google was sending highly personal information to application developers without users consent or knowledge.

Just nine days ago, it was also reported that Facebook leaked the contact information of some six million users.

Leave a Reply