As Symantec describes on its blog, when its developers tested its new Norton Mobile Security product against some of the world’s most popular Android apps, they were disturbed to see a warning message claiming that the Facebook Android app leaks personal information without the device owner’s knowledge:
“The first time you launch the Facebook application, even before logging in, your phone number will be sent over the Internet to Facebook servers. You do not need to provide your phone number, log in, initiate a specific action, or even need a Facebook account for this to happen.”
Following on from the revelation of an incredibly dangerous security flaw that could allow hackers to hijack any Facebook account just by sending an SMS message, and over six million users having their privacy breached, you have to wonder what is going on at Facebook.
Are things really that sloppy there?
Well done to Symantec for uncovering this serious privacy flaw in Facebook’s code. That’s a great advert for the new version of the firm’s mobile security product.
Facebook might be wise to run tools like Symantec’s over future versions of its smartphone apps, before it pushes them out to millions of users – just in case there are other unexpected privacy holes that could prove embarrassing.
Hat-tip: The Next Web.