Facebook allows apps to access user's address and mobile number [Update]

In a move sure to have privacy advocates up in arms, Facebook will now allow apps to access a user's current address and mobile phone number.

The new ''feature'' was quietly introduced in a blog post by Facebook platform developer relations employee Jeff Bowen late last Friday night. The Atlantic spotted the post, in which Mr Bowen outlined the new ''user_address'' and ''user_mobile_phone'' permissions which developers can now hook into.

''Please note that these permissions only provide access to a user’s address and mobile phone number, not their friend's addresses or mobile phone numbers,'' he said.

According to Nicholas Jackson, associate editor at The Atlantic, the blog post was quickly inundated by users angry at another perceived invasion of privacy from a company already infamous for its lackadaisical attitude to user privacy. Curiously, Mr Bowen's post was updated early Saturday afternoon and as of 1AM EST today no comments were visible, though it was possible to add a comment.

Sophos senior technology consultant Graham Cluley wasted no time in labelling the change a ''new level of danger'' for Facebook users.

''I realise that Facebook users will only have their personal information accessed if they "allow" the app to do so, but there are just too many attacks happening on a daily basis which trick users into doing precisely this,'' he said.

''Shady app developers will find it easier than ever before to gather even more personal information from users. You can imagine, for instance, that bad guys could set up a rogue app that collects mobile phone numbers and then uses that information for the purposes of SMS spamming or sells on the data to cold-calling companies.''

He advised users to remove their mobile phone number and address from their Facebook profile immediately, but Mr Jackson had a more radical solution for users looking for absolute privacy.

''If you're seriously concerned about this and other changes to Facebook's privacy settings, there's only one way around them: Remove yourself from the network entirely. It's not a move I advocate as I believe the site does more good than harm and that you're only cutting yourself off from a large -- and growing -- part of our lives, but it is an option to consider,'' he said.

One Twitter user had a far more clever way to deal with the change.

''Since Facebook will now let apps access your address & number, I have set my no. to 650-543-4800 (FB Customer Service),'' wrote Chris Miller.

Update: Facebook appears to have been caught out by the size of the user backlash and will now ''temporarily disable'' the ''feature'' until it works out a way to let users know more clearly when they'll be sharing their mobile number and address with applications.

''Over the weekend, we got some useful feedback that we could make people more clearly aware of when they are granting access to this data. We agree, and we are making changes to help ensure you only share this information when you intend to do so. We’ll be working to launch these updates as soon as possible, and will be temporarily disabling this feature until those changes are ready. We look forward to re-enabling this improved feature in the next few weeks,'' wrote Facebook's developer relations director Douglas Purdy in a blog post.


58 Comments


I just told my niece off for putting her cell phone number on her FB profile a couple of days ago, there's no good reason to be putting where you live (i.e. street address) and how to contact you in your profile; that's just asking for trouble.

If a friend is a "friend" they should have your number and address anyway. I would never post them to FaceBook.

If you have given access to an existing app, is this new setting retroactive or will the app ask for new access again?

You still have to approve the app in order to let it do that, and the app has to state that it will access that information. Honestly, I kind of assumed they already did have access to it, but then again I don't really approve any apps because I don't care for them.

If an app needs the user's current address and mobile number in order to work, why not then ask the user to provide them?... Or why not give the user the ability to allow certain apps to get this info and deny it from others?

I don't have my home address on Facebook but I did have my mobile number. Coincidentally, I removed my mobile number after reviewing my list of friends. Also, I don't use third-party apps on Facebook other than Facebook for BlackBerry smartphones.

I was talking to a couple of Danes about this yesterday and this also covers people cold calling at your door they said.

I wish the UK was like this!

What happens to apps you have approved already, if they decide to start going for your address and phone number? Will you have to re-allow those or will it just start grabbing it without warning?

Least it asks you for permissions to do it, but if you're the kind of person who carelessly clicks on things this might be an issue... Wait, what am I saying? It's most likely going to be an issue regardless. How many times does Facebook have to test their limits on privacy issues before people either a) realize Facebook's becoming a better MySpace than MySpace did or take a stand and actually do something about this crap.

Morphine-X said,
but if you're the kind of person who carelessly clicks on things this might be an issue

Sadly, that would be most people on the Internet and that's one of the major reasons why privacy is a big issue...

Morphine-X said,
Least it asks you for permissions to do it, but if you're the kind of person who carelessly clicks on things this might be an issue... Wait, what am I saying? It's most likely going to be an issue regardless. How many times does Facebook have to test their limits on privacy issues before people either a) realize Facebook's becoming a better MySpace than MySpace did or take a stand and actually do something about this crap.

It's the user's fault if they click on something without reading the warning. Facebook cannot be blamed for that because they clearly display what the application requires access to; thus, Facebook have not provided any new danger with this change. The danger is caused by the user, for not reading the notice.

Callum said,

It's the user's fault if they click on something without reading the warning. Facebook cannot be blamed for that because they clearly display what the application requires access to; thus, Facebook have not provided any new danger with this change. The danger is caused by the user, for not reading the notice.
So that means it's ok to exploit human weaknesses for corporate profits. Good thinking. The law is with you on that also.

Jebadiah said,
So that means it's ok to exploit human weaknesses for corporate profits. Good thinking. The law is with you on that also.

I'd say you are completely wrong because that's not what Facebook is doing.

If ignorance and laziness are classed as 'human weaknesses', then yes, there is nothing wrong with Facebook exploiting those because Facebook shouldn't have to limit the functionality of their product, just to cater for people who are too lazy to understand it.

I am not ignorant or lazy, so I completely understand the truth surrounding this issue. Due to me being able to comprehend the true situation, I don't see how you can refer to the fact some don't as a 'human weakness'.

It is a matter of ethics. I am sure Facebook is aware of how many people fall prey to these scams.

Besides, I remember apps that completely hid what they were actually asking. Is it not possible for applications to disguise what they are asking for?

Callum said,

I'd say you are completely wrong because that's not what Facebook is doing.

If ignorance and laziness are classed as 'human weaknesses', then yes, there is nothing wrong with Facebook exploiting those because Facebook shouldn't have to limit the functionality of their product, just to cater for people who are too lazy to understand it.

I am not ignorant or lazy, so I completely understand the truth surrounding this issue. Due to me being able to comprehend the true situation, I don't see how you can refer to the fact some don't as a 'human weakness'.

Callum said,

If ignorance and laziness are classed as 'human weaknesses', then yes, there is nothing wrong with Facebook exploiting those because Facebook shouldn't have to limit the functionality of their product, just to cater for people who are too lazy to understand it.

What are you, 12? In real life (jobs, family, health, kids, banks, cars, parents, birthdays, parties, dates etc) people are dealing with more than re-installing their Windows and being Facebook profile gurus. How many people do you think have the time and the legal capacity to read and understand EULAs? Heck, most people don't read their bank contracts. They rely on the fact that if they get screwed over no business will get their return business. As Facebook doesn't care (that much, yet, until a big privacy scandal hits) they believe they are doing enough - you get a nice warning - do you want to share your phone number with this appy? Without a big red warning sign people naively click yes. Are they stupid? Some probably are. Most are just used to a way the world works and have too much to think and worry about but to spend hours learning the intricacies of yet another IT application which Facebook is. Any serious and responsible IT application has to care for its users. Right now its privacy controls are about as intuitive to the average Joe as Windows UAC. Technically correct, culturally fail.

Breach said,

What are you, 12? In real life (jobs, family, health, kids, banks, cars, parents, birthdays, parties, dates etc) people are dealing with more than re-installing their Windows and being Facebook profile gurus. How many people do you think have the time and the legal capacity to read and understand EULAs? Heck, most people don't read their bank contracts. They rely on the fact that if they get screwed over no business will get their return business. As Facebook doesn't care (that much, yet, until a big privacy scandal hits) they believe they are doing enough - you get a nice warning - do you want to share your phone number with this appy? Without a big red warning sign people naively click yes. Are they stupid? Some probably are. Most are just used to a way the world works and have too much to think and worry about but to spend hours learning the intricacies of yet another IT application which Facebook is. Any serious and responsible IT application has to care for its users. Right now its privacy controls are about as intuitive to the average Joe as Windows UAC. Technically correct, culturally fail.


No, I'm not 12, but you must be around that age if you think suggesting such a thing is clever.

You are completely wrong. It is not Facebook's fault some users are too lazy or foolish to read warning notices.

It's not about reading EULAs or learning how a new IT application functions. It's simply about installing an application and reading what the warning message (clearly only a small number of lines of text) says, before clicking 'Allow'. Facebook could possibly make it appear more like a warning, with some sort of red or yellow colour, but they don't have to and they still shouldn't be blamed for users not reading the warnings.

Yes, people may have got used to 'a way the world works', but that does not justify their actions; it is clearly the user's fault, if they click 'Allow', without reading the consequences of their actions.

It's exactly the same problem with users who don't read every screen of an application installation. Do we all read the EULAs and terms and conditions? No, but if those stated something we didn't like or agree with and we accepted the application, we would be at fault, not the person who created the application because they clearly stated within that EULA the consequences and that EULA is there for a reason.

Not to mention this is nothing like an EULA because it is simply a small number of lines of text. It is wholly the fault of the user if they do not read that text.

As I suggested: Facebook should not have to limit the functionality of their product to cater for stupid or lazy users and, yes, if any user does not read what they authorise they fall under the category of either 'lazy' or 'stupid'.

That is not a juvenile statement.

Well, I'm glad you're not working at Facebook. Glad to see they stepped back on this one. Hopefully whatever improvements they are making will be more effective this time around.

Breach said,
Well, I'm glad you're not working at Facebook. Glad to see they stepped back on this one. Hopefully whatever improvements they are making will be more effective this time around.

If developers cater for the lazy and ignorant users, they will never learn and there will continue to be even more lazy and ignorant users.

The warning Facebook showed was clear enough to anyone who isn't lazy and ignorant.

People have their address and phone number on Facebook? My details only say that I'm in Geneva, nothing specific.

Intrinsica said,
People have their address and phone number on Facebook? My details only say that I'm in Geneva, nothing specific.

I see nothing wrong with people adding their address and phone number and showing it only to people they feel they can trust with that information. I would add my address and show it only to family; I've not decided whether I'd show it to any close friends, but I'd definitely show it to family.

Of course, even if you show it to certain people, others could see it if they hack that person's account or are on their account, ever, so I understand why people wouldn't add their address.

lflashl said,
removed anything related to my address and changed my phone number to 650-543-4800 (FB Customer Service)

You don't need to. Just don't approve an app that requests your mobile phone number or address. The warning dialog will tell you if they do. This is a non-story, really. People seem to assume this is given approval to without asking the users.

Northgrove said,

You don't need to. Just don't approve an app that requests your mobile phone number or address. The warning dialog will tell you if they do. This is a non-story, really. People seem to assume this is given approval to without asking the users.

Pretty much same issue with getting Spyware, people just say Yes to download/install stuff without reading things. Sadly it's a common issue and one that won't be gone any time soon.

PaulAuckNZ said,
One reason I don't accept requests for games or apps. Although I don't have a no. or address anyway

Exactly. I don't use applications/games at all.

PaulAuckNZ said,
One reason I don't accept requests for games or apps. Although I don't have a no. or address anyway


Yeah I stopped accepting apps and games back in the end of 2009. An app that tells me how many days I have been alive is completely pointless in my eyes!

"''Since Facebook will now let apps access your address & number, I have set my no. to 650-543-4800 (FB Customer Service),'' wrote Chris Miller."

I might have to do that.

Doli said,
"''Since Facebook will now let apps access your address & number, I have set my no. to 650-543-4800 (FB Customer Service),'' wrote Chris Miller."

I might have to do that.


Why? Why don't you just limit access to the address and phone number to only those you trust (like family)? Additionally, why don't you just not accept access from applications which request that information?

Callum said,

Why? Why don't you just limit access to the address and phone number to only those you trust (like family)? Additionally, why don't you just not accept access from applications which request that information?

Why not just remove your address and phone number? People who you trust, like family & friends will know your number and address anyway.

metallithrax said,

Why not just remove your address and phone number? People who you trust, like family & friends will know your number and address anyway.

What you say is true now, but may not be in the near future.

metallithrax said,
Why not just remove your address and phone number? People who you trust, like family & friends will know your number and address anyway.

Facebook often asks for mobile numbers in the case where you have the same name as 100 or more users.

metallithrax said,

Why not just remove your address and phone number? People who you trust, like family & friends will know your number and address anyway.


I like my Facebook profile to fully reflect my life, so my friends and family can see anything at a glance, even if they already know it. They already know where I work and where I've studied, but I include that information, for them to see.

Callum said,

I like my Facebook profile to fully reflect my life, so my friends and family can see anything at a glance, even if they already know it. They already know where I work and where I've studied, but I include that information, for them to see.

I do the same, and I'm always telling my friends to put their personal info in there as well (tweaking their security settings, of course) so every one of our mutual friends can have access to the info.

I recently changed phones and the vast majority of my FB friends didn't have a phone number or address so I had to sync them manually from my old address book on the old phone.

Another problem with privacy is that people will, no matter what, add strangers or people they barely know to their accounts. Why? That's beyond me.

Doli said,
"''Since Facebook will now let apps access your address & number, I have set my no. to 650-543-4800 (FB Customer Service),'' wrote Chris Miller."

I might have to do that.

Ditto, I noticed about a month ago FB saying I should increase my security by giving them my phone number. I just closed the notification but at least I know the reason behind it now.

Don't think it's a real good move, people are not responsible on the net... so many people will just hit "allow" without reading what they are allowing.
Was at one mate's place when he was on Facebook and he just allowed some random app that let him see "lol look at this picture of you". I said, "Do you know what you just allowed?"... his reply was "Don't know but it's OK, I'm on a Mac". Really wanted to hit him on the back of his head.

dafin0 said,
Don't think it's a real good move, people are not responsible on the net... so many people will just hit "allow" without reading what they are allowing.

Then these people have bigger problems on their hands already. Like having installed a botnet and giving access to their computers.

Northgrove said,

Then these people have bigger problems on their hands already. Like having installed a botnet and giving access to their computers.

But he's on a mac! He'll be fine. Lol /sarcasm

I have a feeling many people these days are finding themselves too exposed online. If not, they haven't experienced the horrors of identity theft (in any form) or they're just plain ignorant.

Caleo said,
I have a feeling many people these days are finding themselves too exposed online. If not, they haven't experienced the horrors of identity theft (in any form) or they're just plain ignorant.

There's not much on facebook you can't find through other means, unless you're actually dumb enough to post your SSI and CC/Bank information. I don't think there's much to worry about in the realm of identity theft on facebook.