Facebook’s decision to offer applications access to users’ phone numbers and addresses has put the company in the crosshairs of yet another privacy debate.
“We are now making a user’s address and mobile phone number accessible as part of the User Graph object,” blogged Jeff Bowen, a member of Facebook’s developer support team. “Because this is sensitive information, we have created the new user_address and user_mobile_phone permissions. These permissions must be explicitly granted to your application by the user via our standard permissions dialogs.”
According to the company, the idea is to make applications built on Facebook more “useful and efficient.”
“For example, a frequently used e-commerce application or Website is better when it has your address stored for a faster checkout, and an airline can serve you better if it has an always-up-to-date mobile number to reach you for last-minute itinerary changes,” a Facebook spokesperson told eWEEK.
Still, the prospect of rogue applications getting access to phone and address information should make users nervous, opined Graham Cluley, senior technology consultant at Sophos.
“Facebook is already plagued by rogue applications that post spam links to users’ walls, and point users to survey scams that earn them commission-and even sometimes trick users into handing over their cellphone numbers to sign them up for a premium rate service,” he blogged. “Now, shady app developers will find it easier than ever before to gather even more personal information from users. You can imagine, for instance, that bad guys could set up a rogue app that collects mobile phone numbers and then uses that information for the purposes of SMS spamming or sells on the data to cold-calling companies.”
However, in order for an app to access the information, the user still has to grant the application permission.
“You need to explicitly choose to share your data before any app or Website can access it, and no private information is shared without your permission,” the Facebook spokesperson said. “As an additional step for this new feature, you’re not able to share your friends’ address or mobile information.”
