Mobile
News
7/2/2013
05:01 PM
50%
50%

Android Phone Numbers Leaked By Facebook App

Symantec spots privacy leak and Facebook issues patch, saying it was an inadvertent coding error and phone numbers did not go public.

That Android beta was the first beta build released by Facebook as part of its expanded beta testing program. Previously, new versions of the Android app were tested by about 1,000 Facebook employees. But owing to Android fragmentation, the company has opened up the program to anyone who wants to join the Facebook for Beta Testers group. Facebook said it's hoping to release the updated Android app -- with the privacy-leak patch -- to Google Play for general downloading on July 8.

The Android bug wasn't the only recent privacy snafu involving Facebook. Last month, the social network reported that it had fixed a bug on its servers -- reported via its Facebook White Hat bug bounty program -- that was inadvertently storing email addresses and telephone numbers for 6 million users.

"Because of the bug, some of the information used to make friend recommendations and reduce the number of invitations we send was inadvertently stored in association with people's contact information as part of their account on Facebook," said a Facebook security advisory. "As a result, if a person went to download an archive of their Facebook account through our Download Your Information (DYI) tool, they may have been provided with additional email addresses or telephone numbers for their contacts or people with whom they have some connection. This contact information was provided by other people on Facebook and was not necessarily accurate, but was inadvertently included with the contacts of the person using the DYI tool."

Facebook said that when it learned of the bug, it immediately deactivated the DYI tool, fixed the code involved, and had the DYI tool working again the following day. It said it's been notifying regulators in the United States, Canada and Europe, as well as affected users.

"We currently have no evidence that this bug has been exploited maliciously and we have not received complaints from users or seen anomalous behavior on the tool or site to suggest wrongdoing," according to the Facebook statement.

The company apologized for the bug. "Although the practical impact of this bug is likely to be minimal since any email address or phone number that was shared was shared with people who already had some of that contact information anyway, or who had some connection to one another, it's still something we're upset and embarrassed by, and we'll work doubly hard to make sure nothing like this happens again," it said. "Your trust is the most important asset we have."

Previous
2 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Majo
50%
50%
Majo,
User Rank: Apprentice
7/3/2013 | 6:15:54 PM
re: Android Phone Numbers Leaked By Facebook App
The bug would be a jackpot for security surveillance linking phones and Facebook accounts. Pay-per-use phones can be linked to Facebook users, and 'temporary' Facebook accounts to phone accounts. Sweet.
InformationWeek Elite 100
InformationWeek Elite 100
Our data shows these innovators using digital technology in two key areas: providing better products and cutting costs. Almost half of them expect to introduce a new IT-led product this year, and 46% are using technology to make business processes more efficient.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Nov. 10, 2014
Just 30% of respondents to our new survey say their companies are very or extremely effective at identifying critical data and analyzing it to make decisions, down from 42% in 2013. What gives?
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of November 16, 2014.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.