NSA PRISM Program: Facebook Gets Busted Again, This Time For Scooping Up Phone Numbers


Facebook was hit with yet another privacy complaint last week when an anti-virus company determined Facebook’s Android app was indiscriminately collecting user cell phone numbers and sending them back to company servers.

Symantec, the company that made the discovery, posted a statement to their blog explaining how the Facebook application for Android “leaked” the number of the device that was running it. “The first time you launch the Facebook application, even before log in, your phone number will be sent over the Internet to Facebook servers. You do not need to provide your phone number, log in, initiate a specific action, or even need a Facebook account for this to happen.” Symantec’s mobile anti-virus software, Mobile Insight, noticed suspicious activity coming from the app during a test.

“This was a bug in the Facebook for Android app,” Facebook said in response, “and we thank Symantec for bringing it to our attention. We’ve fixed it in the next version of the app, which is available for anyone to download as a beta today.” The company maintains that the collection of phone numbers was a glitch, and that the numbers were promptly deleted from internal servers.

Though data from Google Play indicates that the hugely popular application has been downloaded hundreds of millions of times by Android users, Symantec says that because Facebook deleted the data, it’s impossible to determine exactly how many users were affected.

“Based on my understanding,” said Symantec security response manager Satnam Narang, “the bug would have been found on any version of the [Facebook] Android application that’s out there, for any device it runs on.” 

Facebook is understandably jumpy regarding user privacy following the public outrage this month over the company’s involvement in the National Security Agency’s PRISM surveillance program, made public by former security contractor Edward Snowden. Mark Zuckerberg released a statement shortly after the program went public reaffirming the company’s commitment to user privacy, saying that they “will continue fighting aggressively to keep your information safe and secure.”

Following negotiations with government officials, Facebook and other Silicon Valley giants received permission to release previously classified data regarding the number of requests they receive from the federal government under the Foreign Intelligence Surveillance Act (FISA), as well as National Security Letters.