For the past 9 months, Facebook app developers have been accidentally accessing users’ phone numbers without permission. Facebook has finally closed the loophole.
Facebook has finally patched a bug that leaked users’ private phone numbers to application developers—nine months after the problem was first reported.
The bug affected users who’d given mobile Facebook apps permission to access their email address. But when the developer put out a query for the email, Facebook would instead return the user’s ten-digit phone number.
Developers reported the bug to Facebook in June of last year. Shortly thereafter, the company confirmed on its developer site that the bug existed, claiming phone numbers were being returned once for every 1,000 queries. But some app creators reported a much higher frequency.
The American Legacy Foundation, an anti-smoking nonprofit, told IDG they were getting phone numbers instead of emails once every 200 queries. Their app, called Ubiquitous, is part of a study run by the National Institutes of Health. The foundation, unwilling to breach users’ privacy by calling them on the phone, found themselves hamstrung by the problem. It was “making it impossible for us to follow up with users as part of the study,” a researcher told IDG.
Did any less-scrupulous developers use the numbers to call up users without their permission? Facebook hasn’t said.
The fact it took the company nine months to fix a serious bug affecting users’ private data will not sit well with privacy groups, who worry the company is more interested in selling your data than protecting it.
Just last month, the site’s newest, much-hyped feature—Graph Search—received a flurry of criticism for its potential to violate your privacy. The tool allows users to search through their friends’ data using natural language processing—you can ask Facebook to tell you about ski resorts your friends have visited, for instance, or ask it to list out all your friends who are single.
But at the same time, Graph Search suddenly makes it possible for friends to uncover data you may have forgotten you posted—or allow them to piece together disparate items from your posting history and reach conclusions about your private life you’d rather they not.
Photo by Robert Scoble/Flickr