Six Lines

Facebook Allows API Access to Phone Numbers and Addresses

Posted by Aaron Massey on 18 Jan 2011.

One of the biggest problems with privacy policies is that organizations can change them without warning. Facebook has become well-known for their changes to their privacy policies, and they have recently announced another big one: your phone number and address are now available to third-party developers through the Facebook API. Here’s a snippet from Ars Technica’s coverage:

Despite Facebook’s reassurance that users will have the final say in who gets the info and who doesn’t, it didn’t take long for observers to point out that it will be easy for shady developers to get in on the action. Security research firm Sophos wrote on its blog that rogue Facebook app developers already manage to trick users into giving them access to personal data, and this move will only make things more dangerous.

“You can imagine, for instance, that bad guys could set up a rogue app that collects mobile phone numbers and then uses that information for the purposes of SMS spamming or sells on the data to cold-calling companies,” Sophos senior technology consultant Graham Cluley wrote. “The ability to access users’ home addresses will also open up more opportunities for identity theft, combined with the other data that can already be extracted from Facebook users’ profiles.”