Facebook to fix bug leaking users' phone numbers
Roughly 1/1000 users were affected by the mobile apps glitch
IDG News Service - Facebook is rolling out a patch to fix a rare bug in its API that had apparently been leaking users' phone numbers to app developers.
The glitch, which was first reported back in June 2012, was affecting the email field in some mobile apps accessing Facebook's API (application programming interface).
During the registration process users would give the developer permission to access their email address on file with Facebook. But instead of returning an email address, the app's email field was giving developers the user's phone number instead.
The bug had been occurring only once in every thousand cases, Facebook said. But with some larger app developers having multiple thousands of users, the incidence rate is significant.
One app developer affected by the glitch, however, reported a higher incidence rate. Nathan Cobb, research investigator with the American Legacy Foundation, an antismoking nonprofit, said their group's smoking cessation app, Ubiquitous, was giving them phone numbers for about one in every 200 users.
The Ubiquitous app is part of a study funded by the National Institutes of Health on health interventions through Facebook, and the bug was "making it impossible for us to follow up with users as part of the study," he said.
It is not clear whether any particular mobile operating system was more affected by the bug than another.
"We expect the issue to be resolved soon," spokeswoman Erin First said in an email Wednesday, with a notice on Facebook's developer page saying a fix would be pushed out.
Facebook said later that the bug does not breach its terms of service or users' privacy because the user is still implicitly giving the developer permission to access the phone number if that is the contact information the user has on file with Facebook.
Facebook already lets people search for users on the site by the contact information they have listed and set as public, which may include email addresses and phone numbers.
The bug had been left unpatched for almost nine months. Facebook did not immediately clarify whether it had any evidence of developers using the numbers to call users to promote their services.
Lately the social network has been forced to address other privacy concerns connected to Graph Search, its new social search engine currently in beta launch. The tool is designed to let users more easily find things on the site through their social connections, but some have questioned whether it reveals too much.
The site has sought to explain in recent weeks, for instance, why Graph Search does not compromise the privacy rights of minors.
- The Business Value of Continuous Delivery Download this whitepaper to learn more about the business value of Continuous Delivery and see why it could be a game changer for...
- Ten Factors Shaping the Future of Application Delivery Download this research report conducted by Enterprise Management Associates (EMA) to learn how those that are seeking to accelerate application delivery are leveraging...
- Software Asset Management: Ensuring Today's Assets Today's trends like BYOD and SaaS are new and exciting in terms of how they will help make our jobs more productive but...
- Trends Shaping Software Management: 2014 Most IT executives recognize the relationship between mobile computing and worker productivity, and have long issued notebook computers and other mobile devices to...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- On-demand webinar - 7 Keys to Service Catalog Implementation Success Watch this webinar to learn 7 crucial keys to make your service catalog a success! All Privacy White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!