The latest stable release of the Facebook for Android application appears to be collecting users’ contact list (phone numbers) without permission and then uploading it to Facebook servers.
Norton by Symantec, a leading antivirus provider, revealed in a blog post that the first time users launch the Facebook Android application, even before logging in, their phone numbers are sent over the Internet to Facebook servers. Users do not need to provide their phone number, log in, initiate a specific action, or even have a Facebook account for this to happen.
At this point, Facebook has not claimed that this is an accident; however, it has acknowledged the issue and said that it will release a fix for its Android app in the coming weeks.
Facebook told Norton that they did not use or process the phone numbers that were obtained in this manner and have deleted them from the servers.
It is believed that the “bug” may have been fixed in the latest Beta version of Facebook for Android, which is available today.
“This was a bug in the Facebook for Android app, and we thank Symantec for bringing it to our attention,” Facebook spokesman Derick Mains told The Huffington Post in an email. “We’ve fixed it in the next version of the app, which is available for anyone to download as a beta today.”
The Facebook for Android Beta is available to all and can be downloaded when users opt in manually. More details on how to get Facebook for Android Beta here [link].
Users who wish to verify whether their Facebook app or other applications are leaking private information can download Norton Mobile Security with Norton Mobile Insight [Download Link] and scan the device.
Norton said it has analyzed over 4 million Android applications and processes tens of thousands of new applications every day. Through automatic and proprietary static and dynamic analysis techniques, Norton Mobile Insight is able to automatically discover malicious applications, privacy risks, and potentially intrusive behavior. Further, Mobile Insight will tell users exactly what risky behavior an application will perform and give them specific, relevant, and actionable information.