Mobile
News
7/2/2013
05:01 PM
Connect Directly
RSS
E-Mail
50%
50%

Android Phone Numbers Leaked By Facebook App

Symantec spots privacy leak and Facebook issues patch, saying it was an inadvertent coding error and phone numbers did not go public.

That Android beta was the first beta build released by Facebook as part of its expanded beta testing program. Previously, new versions of the Android app were tested by about 1,000 Facebook employees. But owing to Android fragmentation, the company has opened up the program to anyone who wants to join the Facebook for Beta Testers group. Facebook said it's hoping to release the updated Android app -- with the privacy-leak patch -- to Google Play for general downloading on July 8.

The Android bug wasn't the only recent privacy snafu involving Facebook. Last month, the social network reported that it had fixed a bug on its servers -- reported via its Facebook White Hat bug bounty program -- that was inadvertently storing email addresses and telephone numbers for 6 million users.

"Because of the bug, some of the information used to make friend recommendations and reduce the number of invitations we send was inadvertently stored in association with people's contact information as part of their account on Facebook," said a Facebook security advisory. "As a result, if a person went to download an archive of their Facebook account through our Download Your Information (DYI) tool, they may have been provided with additional email addresses or telephone numbers for their contacts or people with whom they have some connection. This contact information was provided by other people on Facebook and was not necessarily accurate, but was inadvertently included with the contacts of the person using the DYI tool."

Facebook said that when it learned of the bug, it immediately deactivated the DYI tool, fixed the code involved, and had the DYI tool working again the following day. It said it's been notifying regulators in the United States, Canada and Europe, as well as affected users.

"We currently have no evidence that this bug has been exploited maliciously and we have not received complaints from users or seen anomalous behavior on the tool or site to suggest wrongdoing," according to the Facebook statement.

The company apologized for the bug. "Although the practical impact of this bug is likely to be minimal since any email address or phone number that was shared was shared with people who already had some of that contact information anyway, or who had some connection to one another, it's still something we're upset and embarrassed by, and we'll work doubly hard to make sure nothing like this happens again," it said. "Your trust is the most important asset we have."

Previous
2 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Majo
50%
50%
Majo,
User Rank: Apprentice
7/3/2013 | 6:15:54 PM
re: Android Phone Numbers Leaked By Facebook App
The bug would be a jackpot for security surveillance linking phones and Facebook accounts. Pay-per-use phones can be linked to Facebook users, and 'temporary' Facebook accounts to phone accounts. Sweet.
InformationWeek Elite 100
InformationWeek Elite 100
Our data shows these innovators using digital technology in two key areas: providing better products and cutting costs. Almost half of them expect to introduce a new IT-led product this year, and 46% are using technology to make business processes more efficient.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - August 20, 2014
CIOs need people who know the ins and outs of cloud software stacks and security, and, most of all, can break through cultural resistance.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.