In what is potentially another privacy misstep, Facebook has made a change to a permissions dialog box users see when downloading third-party Facebook apps–a change that potentially makes users’ addresses and phone numbers available to app developers.
The tweak was made known to developers of third-party apps Friday night, by way of a post on the Facebook Developer Blog. Basically, when a person starts downloading a third-party Facebook app, a Request for Permission dialog box appears that asks for access to basic information including the downloader’s name, profile picture, gender, user ID, list of friends, and more. What’s new as of Friday is an additional section that asks for access to the downloader’s current address and mobile phone number.
As mentioned in numerous media reports, the concern among Facebook users and privacy advocates is that users won’t notice the change and will click the dialog box’s Allow button unthinkingly. Further, people are worried that unscrupulous developers could cook up bogus apps with the sole purpose of capturing the private information–apps that wouldn’t necessarily be spotted and taken down immediately. Aside from the potential for outright hacking and identity theft, it’s not unheard of for app developers to sell information on Facebook users to data brokers.
Screen capture of the Friday post on the Facebook Developer Blog, showing the newly tweaked Request for Permission dialog box, with addition of address and phone number section.
(Credit: Screenshot by Edward Moyer/CNET)
Users of third-party Facebook apps can simply click the Don’t Allow button–which reportedly won’t interfere with a successful download–or they can remove their address and phone number from their Facebook profile.
Graham Cluely, with security company Sophos, suggested in his own blog post that users do the latter. (The post was brought to our attention by PC Magazine.)
“My advice to you is simple,” Cluely wrote, highlighting the following with boldface text, “remove your home address and mobile phone number from your Facebook profile now.” (CNET’s Larry Magid walks you through that simple process here.)
Cluely also wondered if Facebook could have taken a safer approach.
“Wouldn’t it be better if only app developers who had been approved by Facebook were allowed to gather this information?” he wrote. “Or–should the information be necessary for the application–wouldn’t it be more acceptable for the app to request it from users, specifically, rather than automatically grabbing it?”
CNET e-mailed Facebook a request for comment but hadn’t heard back by publication time.
Privacy was a major issue for Facebook last year, with the company provoking the concern of privacy advocates, lawmakers, and social-networking fans alike.