Home Facebook’s Android App Vacuumed Up Your Phone Number Without Permission

Facebook’s Android App Vacuumed Up Your Phone Number Without Permission

Yesterday, Facebook put out a call for volunteers to beta test updates to its Android application. You have to wonder how that’s going for them, given news that the Facebook has been logging the phone numbers of anyone who launched that app—whether they have a Facebook account or not. Without permission, of course.

Facebook just confirmed to ReadWrite that it did store the phone numbers of its app users as the result of a bug that it fixed in the latest version of the app, which it released today. (In beta, naturally.) Facebook said it has deleted the numbers it inadvertently logged.

Security vendor Symantec announced the bug yesterday, having discovered it following an update to the company’s Norton Mobile Security app for Android. “The first time you launch the Facebook application, even before logging in, your phone number will be sent over the Internet to Facebook servers,” Symantec wrote on its official blog.

Facebook Has Your Number—Literally

According to Symantec, Facebook grabbed your phone number even if you were never prompted to enter your phone number, never logged in, and even if you don’t have a Facebook account at all. All you had to do was to install and launch the Android app; Facebook took care of the rest.

We don’t know how many Android users have been potentially affected. For some context, the Facebook app has racked up more than seven million ratings in the Google Play store and has been installed between 100 million and 500 million times, according to the rudimentary statistics provided on the Play page.

There doesn’t seem to be any connection between this bug and another privacy snafu Facebook announced last week. In that case, the social network potentially exposed the contact information of 6 million individuals—i.e., email addresses and phone numbers—to other Facebook users.

In response to a request for comment, Facebook spokesman Derick Mains responded in an email message, “We did not use or process these numbers in any way, and have already deleted them from our servers.”

Update: Because the fix is only present in the beta version of Facebook’s next Android release, that does raise the concern that current users who download the non-beta version of the app are still having their numbers logged. Mains responded, “Numbers have not been stored since we were made aware of the bug (we delete them right away).” Expect the fix to be present in the full-scale release of the next update on July 8. 

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.