Facebook to fix bug leaking users' phone numbers
Roughly 1/1000 users were affected by the mobile apps glitch
IDG News Service - Facebook is rolling out a patch to fix a rare bug in its API that had apparently been leaking users' phone numbers to app developers.
The glitch, which was first reported back in June 2012, was affecting the email field in some mobile apps accessing Facebook's API (application programming interface).
During the registration process users would give the developer permission to access their email address on file with Facebook. But instead of returning an email address, the app's email field was giving developers the user's phone number instead.
The bug had been occurring only once in every thousand cases, Facebook said. But with some larger app developers having multiple thousands of users, the incidence rate is significant.
One app developer affected by the glitch, however, reported a higher incidence rate. Nathan Cobb, research investigator with the American Legacy Foundation, an antismoking nonprofit, said their group's smoking cessation app, Ubiquitous, was giving them phone numbers for about one in every 200 users.
The Ubiquitous app is part of a study funded by the National Institutes of Health on health interventions through Facebook, and the bug was "making it impossible for us to follow up with users as part of the study," he said.
It is not clear whether any particular mobile operating system was more affected by the bug than another.
"We expect the issue to be resolved soon," spokeswoman Erin First said in an email Wednesday, with a notice on Facebook's developer page saying a fix would be pushed out.
Facebook said later that the bug does not breach its terms of service or users' privacy because the user is still implicitly giving the developer permission to access the phone number if that is the contact information the user has on file with Facebook.
Facebook already lets people search for users on the site by the contact information they have listed and set as public, which may include email addresses and phone numbers.
The bug had been left unpatched for almost nine months. Facebook did not immediately clarify whether it had any evidence of developers using the numbers to call users to promote their services.
Lately the social network has been forced to address other privacy concerns connected to Graph Search, its new social search engine currently in beta launch. The tool is designed to let users more easily find things on the site through their social connections, but some have questioned whether it reveals too much.
The site has sought to explain in recent weeks, for instance, why Graph Search does not compromise the privacy rights of minors.
- Mission Critical: Managing Mobile Applications & Content Smartphones, tablets and other mobile devices have become embedded in enterprise processes, thanks to the consumerization of IT and a new generation of...
- Securing Mobility, From Device to Network At one time, the process of managing and securing mobile devices and applications was fairly straightforward. Most organizations worried about one application (email)...
- Planning for Mobile Success Many organizations are seeing clear and quantifiable benefits from the deployment of mobile technologies that provide access to data and applications any time,...
- The Challenges and Opportunities of Mobile Application Development Nearly all business users now demand mobile devices--their own or company-owned--along with anywhere access to corporate applications and data. What turns mobile devices...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily... All Privacy White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!