Facebook Disables Phone Number Sharing

Facebook has temporarily disabled a feature introduced on Friday that allowed users to share their addresses and mobile phone numbers, after the feature attracted criticism.

The company said it had received “useful feedback” on how users could be made more aware of the privacy implications of the feature.

Feature suspended

“Over the weekend, we got some useful feedback that we could make people more clearly aware of when they are granting access to this data,” said Facebook’s Douglas Purdy in a post on the site’s developer blog. “We agree, and we are making changes to help ensure you only share this information when you intend to do so.”

He said the updates would be added “as soon as possible” and that the feature would be disabled in the meantime.

“We look forward to re-enabling this improved feature in the next few weeks,” Purdy wrote.

Security experts advised users to remove their mobile phone and home address details from Facebook following Friday’s changes, which were criticised as making it dangerously easy for rogue apps to get access to personal details.

The changes made it dangerously easy for malicious applications to pass phone numbers and address details to spammers and criminals, according to security expert Graham Cluley of Sophos. The warning is just the latest of several recent privacy warnings about the site.

Sensitive information

“We are now making a user’s address and mobile phone number accessible as part of the User Graph object,” Facebook’s Jeff Bowen announced on a developer blog post on Friday. This means that when a user adds a new application or service in Facebook, the site will offer to share the user’s details unless told not to do so in a dialogue box.

“Because this is sensitive information, we have created the new user_address and user_mobile_phone permissions,” explained Bowen. “These permissions must be explicitly granted to your application by the user via our standard permissions dialogs.”

However, the dialogue is not explicit enough, according to Cluley: “I realise that Facebook users will only have their personal information accessed if they ‘allow’ the app to do so,” he said, “but there are just too many attacks happening on a daily basis which trick users into doing precisely this.”

“It won’t take long for scammers to take advantage of this new facility, to use for their own criminal ends,” Cluley warned. A rogue app could collect phone numbers to be used by SMS spammers and cold callers, or gather street addresses for use in identity theft crimes.