Facebook for Android is receiving a “fix” after security firm Symantec announced last week that the app was wrongfully collecting users’ phone numbers and contact numbers and then sending that information back to Facebook’s servers.
Facebook has since told tech site TNW that it has fixed the “bug” in a recent beta release and will soon roll the fix out to customers.
The social giant says it has not used the phone numbers in any way and that the numbers have already been deleted.
The flaw was discovered only when Symantec stumbled upon the data-collecting code by accident. Symantec used its Norton Mobile Security app to discover the issue. That application can detect malicious applications, privacy risks, and potentially intrusive behavior via automatic and proprietary static and dynamic analysis techniques.
Here’s what Symantec has to say about its Facebook phone number discovery:
“The ability of Mobile Insight to automatically provide granular information on the behavior of any Android application even surprised us when we reviewed the most popular applications exhibiting privacy leaks. Of particular note, Mobile Insight automatically flagged the Facebook application for Android because it leaked the device phone number.
“The first time you launch the Facebook application, even before logging in, your phone number will be sent over the Internet to Facebook servers. You do not need to provide your phone number, log in, initiate a specific action, or even need a Facebook account for this to happen.”
A beta release for the Facebook Android app arrived yesterday but has not yet rolled out to the general public.