Yesterday, Facebook put out a call for volunteers to beta test updates to its Android application. You have to wonder how that’s going for them, given news that the Facebook has been logging the phone numbers of anyone who launched that app—whether they have a Facebook account or not. Without permission, of course.
Facebook just confirmed to ReadWrite that it did store the phone numbers of its app users as the result of a bug that it fixed in the latest version of the app, which it released today. (In beta, naturally.) Facebook said it has deleted the numbers it inadvertently logged.
Security vendor Symantec announced the bug yesterday, having discovered it following an update to the company’s Norton Mobile Security app for Android. “The first time you launch the Facebook application, even before logging in, your phone number will be sent over the Internet to Facebook servers,” Symantec wrote on its official blog.
Facebook Has Your Number—Literally
According to Symantec, Facebook grabbed your phone number even if you were never prompted to enter your phone number, never logged in, and even if you don’t have a Facebook account at all. All you had to do was to install and launch the Android app; Facebook took care of the rest.
We don’t know how many Android users have been potentially affected. For some context, the Facebook app has racked up more than seven million ratings in the Google Play store and has been installed between 100 million and 500 million times, according to the rudimentary statistics provided on the Play page.
There doesn’t seem to be any connection between this bug and another privacy snafu Facebook announced last week. In that case, the social network potentially exposed the contact information of 6 million individuals—i.e., email addresses and phone numbers—to other Facebook users.
In response to a request for comment, Facebook spokesman Derick Mains responded in an email message, “We did not use or process these numbers in any way, and have already deleted them from our servers.”
Update: Because the fix is only present in the beta version of Facebook’s next Android release, that does raise the concern that current users who download the non-beta version of the app are still having their numbers logged. Mains responded, “Numbers have not been stored since we were made aware of the bug (we delete them right away).” Expect the fix to be present in the full-scale release of the next update on July 8.