Facebook Inc., which turned on the new feature over the weekend, admitted in a blog post published this morning that the company “could make people more clearly aware of when they are granting access to this data”.
“On Friday, we expanded the information you are able to share with external websites and applications to include your address and mobile number,” wrote Douglas Purdy on the Facebook Developers blog late on Monday.
“With this change, you could, for example, easily share your address and mobile phone with a shopping site to streamline the checkout process, or sign up for up-to-the-minute alerts on special deals directly to your mobile phone.”
“As with the other information you share through our permissions process, you need to explicitly choose to share this data before any application or website can access it, and you can not share your friends’ address or mobile number with applications.”
“Also, like other data you make available to third party apps and websites, you can always clearly see and control the ways your information is being used in the Application Dashboard.”
“Over the weekend, we got some useful feedback that we could make people more clearly aware of when they are granting access to this data. We agree, and we are making changes to help ensure you only share this information when you intend to do so.”
“We’ll be working to launch these updates as soon as possible, and will be temporarily disabling this feature until those changes are ready. We look forward to re-enabling this improved feature in the next few weeks.”
The change to Facebook’s terms allowed third party app developers access to people’s mobile phone number and home address (if already part of a person’s profile), once a user had agreed to downloading an app.
The tweak, which was announced via the company’s blog on Friday evening, prompted security experts to advise users to remove their personal contact details from Facebook, to avoid being scammed by rogue apps.
“This change isn’t as drastic as it might first appear, because users will need to give permission for third-party Facebook applications to access this data,” explained Graham Cluley, senior technology consultant at IT security and control firm Sophos. “But it still sounds like a recipe for disaster, given the prevalence of rogue scam applications already on Facebook – all of which benefit from apparently being blessed by the Facebook name and brand.”
According to Sophos, Facebook is already plagued by rogue applications which solely exist to post spam links to users’ walls, point users to survey scams that earn them commission – and sometimes even trick users into handing over their mobile numbers to sign them up for a premium rate service.
Now, the IT security company has said, rogue app developers will find it easier than ever before to gather even more personal information from users and has advised Facebook members to remove all of their personal contact information from the site immediately.
“Facebook told its alleged one million app developers how to ask users for permission to access this newly liberated data late on Friday night, but we already know many users don’t bother reading the small print and just click the button without thinking of the consequences,” added Cluley. “What they’ve failed to do is explain how Facebook will become more safety-conscious now that it has taken this controversial step.”
A Facebook spokesman told The Telegraph yesterday: “Developers can now request permission to access a person’s address and mobile phone number to make applications built on Facebook more useful and efficient. You need to explicitly choose to share your data before any app or website can access it and no private information is shared without your permission. As an additional step for this new feature, you’re not able to share your friends’ address or mobile information.”
The social network does not vet its developers like Apple does for its App Store, despite the protestations of security firms, who have noticed the rise of spam on sites such as Facebook, as opposed to across email services. This means there are many rogue apps on Facebook which solely exist to scam users and will now have access to even more personal information, should a user accept the widened terms and conditions. [Facebook Blog via The Telegraph (UK), CBS News]