Facebook has temporarily backed away from its decision to allow applications to access users' mobile phone and address information.
The decision to share the information touched off days of controversy as privacy advocates and security pros aired concerns the feature could be abused. According to Facebook, the idea was to make applications more efficient. The change, for example, could have allowed users to share their address and mobile phone number "with a shopping site to streamline the checkout process," blogged Douglas Purdy, director of developer relations for Facebook.
"Over the weekend, we got some useful feedback that we could make people more clearly aware of when they are granting access to this data," Purdy blogged. "We agree, and we are making changes to help ensure you only share this information when you intend to do so. We'll be working to launch these updates as soon as possible, and will be temporarily disabling this feature until those changes are ready. We look forward to re-enabling this improved feature in the next few weeks."
Facebook did not state exactly what those changes will be.
The social network's initial plans sparked discussions regarding privacy and security concerns, with some people questioning the wisdom of handing such information off to developers. Some speculated the situation could be abused by rogue developers to harvest personal data. The company, however, stressed that users would still need to grant applications permission to access the information.
"As with the other information you share through our permissions process, you need to explicitly choose to share this data before any application or Website can access it, and you cannot share your friends' address or mobile number with applications," Purdy wrote. "Also, like other data you make available to third party apps and Websites, you can always clearly see and control the ways your information is being used in the Application Dashboard."
The best solution would be to permit users to provide this data via a dropdown or checkbox when they choose to add an application, blogged Chester Wisniewski, a senior security adviser at Sophos Canada. It should not be required, however, he opined.
"Users who want the convenience that Facebook is offering should be able to choose to share their information, but those of us who are more security-conscious should be able to opt out and elect to type it in when necessary," he wrote. "Facebook has been pushing the boundaries of privacy for a long time, but despite the uproar, few in the community have abandoned the service. It is great news that Facebook is responding to the outrage about this recent change, but I wonder if most users will be satisfied with their eventual solution."