informa
/
2 MIN READ
News

Android Phone Numbers Leaked By Facebook App

Symantec spots privacy leak and Facebook issues patch, saying it was an inadvertent coding error and phone numbers did not go public.
That Android beta was the first beta build released by Facebook as part of its expanded beta testing program. Previously, new versions of the Android app were tested by about 1,000 Facebook employees. But owing to Android fragmentation, the company has opened up the program to anyone who wants to join the Facebook for Beta Testers group. Facebook said it's hoping to release the updated Android app -- with the privacy-leak patch -- to Google Play for general downloading on July 8.

The Android bug wasn't the only recent privacy snafu involving Facebook. Last month, the social network reported that it had fixed a bug on its servers -- reported via its Facebook White Hat bug bounty program -- that was inadvertently storing email addresses and telephone numbers for 6 million users.

"Because of the bug, some of the information used to make friend recommendations and reduce the number of invitations we send was inadvertently stored in association with people's contact information as part of their account on Facebook," said a Facebook security advisory. "As a result, if a person went to download an archive of their Facebook account through our Download Your Information (DYI) tool, they may have been provided with additional email addresses or telephone numbers for their contacts or people with whom they have some connection. This contact information was provided by other people on Facebook and was not necessarily accurate, but was inadvertently included with the contacts of the person using the DYI tool."

Facebook said that when it learned of the bug, it immediately deactivated the DYI tool, fixed the code involved, and had the DYI tool working again the following day. It said it's been notifying regulators in the United States, Canada and Europe, as well as affected users.

"We currently have no evidence that this bug has been exploited maliciously and we have not received complaints from users or seen anomalous behavior on the tool or site to suggest wrongdoing," according to the Facebook statement.

The company apologized for the bug. "Although the practical impact of this bug is likely to be minimal since any email address or phone number that was shared was shared with people who already had some of that contact information anyway, or who had some connection to one another, it's still something we're upset and embarrassed by, and we'll work doubly hard to make sure nothing like this happens again," it said. "Your trust is the most important asset we have."