Pages

Sunday, June 30, 2013

Anti-virus software shows Facebook app stole Android users’ phone numbers without their consent

from EndTheLie.com: The mobile anti-virus and anti-malware software produced by Norton discovered that the Facebook application for Android was secretly identifying users’ phone numbers and sending them to Facebook’s servers.

This news is especially interesting given Facebook’s role in the recently revealed National Security Agency (NSA) programs. Indeed, Martin Dempsey, chairman of the Joint Chiefs of Staff, reportedly met with Facebook executives to discuss the program.

Facebook also enjoys a cozy relationship with the intelligence community. The former chief security officer for Facebook left the internet giant for the NSA and the company quite clearly works with government as the latest leaks have shown.

A student group in Europe has also filed a complaint against Facebook over the handling of private data and last year a report revealed that Facebook was spying on smartphone users’ text messages.
In this latest instance of the violation of user privacy, Facebook’s Android application leaked the user’s phone number even before logging in.

This happened the first time the user launched the Facebook application and the number “will be sent over the Internet to Facebook servers.”

“You do not need to provide your phone number, log in, initiate a specific action, or even need a Facebook account for this to happen,” Norton said in an official post.

A “significant portion” of the hundreds of millions of people who have installed the Facebook application were affected, according to Norton, the makers of Symantec.

It’s worth noting that in the past, Symantec has published information on an intelligence gathering virus based on the U.S./Israeli-made Stuxnet worm and one Symantec researcher revealed that the U.S. targeted an Iranian nuclear research facility before it was built. However, last year Symantec also backed CISPA, a highly controversial piece of legislation.

Facebook told Norton that they “investigated the issue and will provide a fix in their next Facebook for Android release.”

“They stated they did not use or process the phone numbers and have deleted them from their servers,” Norton stated in the post.

Far more worrisome, however, is the fact that Norton says it is not the only application guilty of leaking private data.

“Unfortunately, the Facebook application is not the only application leaking private data or even the worst,” the company said. “We will continue to post information about risky applications to this blog in the upcoming weeks.”

Google Play has a quite abysmal privacy history. Earlier this year it was reported that Google was sending highly personal information to application developers without users consent or knowledge.
Just nine days ago, it was also reported that Facebook leaked the contact information of some six million users.

No comments:

Post a Comment