Rogue Facebook apps can now access your home address and mobile phone number

In a move that could herald a new level of danger for Facebook users, third-party application developers are now able to access your home address and mobile phone number.

Facebook has announced that developers of Facebook apps can now gather personal contact information from their users.

[Image: Request for permission to access home address and phone number]

I realise that Facebook users will only have their personal information accessed if they "allow" the app to do so, but there are just too many attacks happening on a daily basis which trick users into doing precisely this.

Facebook is already plagued by rogue applications that post spam links to users' walls, and point users to survey scams that earn them commission - and even sometimes trick users into handing over their cellphone numbers to sign them up for a premium rate service.

Now, shady app developers will find it easier than ever before to gather even more personal information from users. You can imagine, for instance, that bad guys could set up a rogue app that collects mobile phone numbers and then uses that information for the purposes of SMS spamming or sells on the data to cold-calling companies.

The ability to access users' home addresses will also open up more opportunities for identity theft, combined with the other data that can already be extracted from Facebook users' profiles.

You have to ask yourself - is Facebook putting the safety of its 500+ million users as a top priority with this move?

Wouldn't it be better if only app developers who had been approved by Facebook were allowed to gather this information? Or - should the information be necessary for the application - wouldn't it be more acceptable for the app to request it from users, specifically, rather than automatically grabbing it?

It won't take long for scammers to take advantage of this new facility, to use for their own criminal ends.

My advice to you is simple: Remove your home address and mobile phone number from your Facebook profile now. While you're at it, go through our step-by-step guide for how to make your Facebook profile more private.

If you're a Facebook user, you should also consider joining the Sophos Facebook page where we regularly discuss how you can use Facebook more safely, and warn of the latest scams and internet attacks.

Update: Judging by reactions on Facebook and Twitter, I'm not alone in finding this new ability for Facebook apps concerning. Here's an example of how one user has responded:

Chris Miller (@anotherlab):
Since Facebook will now let apps access your address & number, I have set my no. to 650-543-4800 (FB Customer Service) http://bit.ly/gkJvYD
January 16, 2011 9:51 pm via TweetDeck

Update: Facebook has temporarily rescinded this new option to further improve its clarity to users.

About the author

Graham Cluley is senior technology consultant at Sophos. In both 2009 and 2010, the readers of Computer Weekly voted him security blogger of the year and he pipped Stephen Fry to the title of "Twitter user of the year" too. Which is very cool. You can contact him at gc@sophos.com, or for daily updates follow him on Twitter at @gcluley.