Facebook tweak reveals addresses, phone numbers

In what is potentially another privacy misstep, Facebook makes a change that can give developers access to users' addresses and cell phone numbers.

Edward Moyer Senior Editor
Edward Moyer is a senior editor at CNET and a many-year veteran of the writing and editing world. He enjoys taking sentences apart and putting them back together. He also likes making them from scratch. ¶ For nearly a quarter of a century, he's edited and written stories about various aspects of the technology world, from the US National Security Agency's controversial spying techniques to historic NASA space missions to 3D-printed works of fine art. Before that, he wrote about movies, musicians, artists and subcultures.
Expertise Wordsmithery. Credentials
  • Ed was a member of the CNET crew that won a National Magazine Award from the American Society of Magazine Editors for general excellence online. He's also edited pieces that've nabbed prizes from the Society of Professional Journalists and others.
Edward Moyer
2 min read

In what is potentially another privacy misstep, Facebook has made a change to a permissions dialog box users see when downloading third-party Facebook apps--a change that potentially makes users' addresses and phone numbers available to app developers.

The tweak was made known to developers of third-party apps Friday night, by way of a post on the Facebook Developer Blog. Basically, when a person starts downloading a third-party Facebook app, a Request for Permission dialog box appears that asks for access to basic information including the downloader's name, profile picture, gender, user ID, list of friends, and more. What's new as of Friday is an additional section that asks for access to the downloader's current address and mobile phone number.

As mentioned in numerous media reports, the concern among Facebook users and privacy advocates is that users won't notice the change and will click the dialog box's Allow button unthinkingly. Further, people are worried that unscrupulous developers could cook up bogus apps with the sole purpose of capturing the private information--apps that wouldn't necessarily be spotted and taken down immediately. Aside from the potential for outright hacking and identity theft, it's not unheard of for app developers to sell information on Facebook users to data brokers.

Users of third-party Facebook apps can simply click the Don't Allow button--which reportedly won't interfere with a successful download--or they can remove their address and phone number from their Facebook profile.

Graham Cluely, with security company Sophos, suggested in his own blog post that users do the latter. (The post was brought to our attention by PC Magazine.)

"My advice to you is simple," Cluely wrote, highlighting the following with boldface text, "remove your home address and mobile phone number from your Facebook profile now." (CNET's Larry Magid walks you through that simple process here.)

Cluely also wondered if Facebook could have taken a safer approach.

"Wouldn't it be better if only app developers who had been approved by Facebook were allowed to gather this information?" he wrote. "Or--should the information be necessary for the application--wouldn't it be more acceptable for the app to request it from users, specifically, rather than automatically grabbing it?"

CNET e-mailed Facebook a request for comment but hadn't heard back by publication time.

Privacy was a major issue for Facebook last year, with the company provoking the concern of privacy advocates, lawmakers, and social-networking fans alike.