Facebook: Behaving Badly Or Dangerously Incompetent?

Two days ago, (Norton) Android app skips consent, gives Facebook servers Facebookers phone numbers, follow us right after the break for more and more details!

Facebook-Sad-Logo

Norton updated its post about its findings in Facebook’s official Android app, wherein Facebook confirmed that its app has sent millions of Android users’ phone numbers to be stored on Facebook’s servers when the app is launched.

Symantec’s Norton published updated findings that show Facebook has been uploading phone numbers to its servers via its Android app in Norton Mobile Insight Discovers Facebook Privacy Leak:

The ability of Mobile Insight to automatically provide granular information on the behavior of any Android application even surprised us when we reviewed the most popular applications exhibiting privacy leaks.

Of particular note, Mobile Insight automatically flagged the Facebook application for Android because it leaked the device phone number. The first time you launch the Facebook application, even before logging in, your phone number will be sent over the Internet to Facebook servers. You do not need to provide your phone number, log in, initiate a specific action, or even need a Facebook account for this to happen.

According to Google Play, hundreds of millions of devices have installed the Facebook application and a significant portion of those devices are likely affected.

The problem has been fixed and the app was updated but the page on the play store doesn’t say what’s new in the update.

Facebook: Behaving Badly Or Dangerously Incompetent?

Problematically, many Android phones come with the application pre-installed and in many instances the app takes a degree of technical skill to remove. The app only needs to be launched accidentally to send the Android user’s phone number to Facebook’s servers.

At this time, Facebook has not claimed this issue as an accident.

To the knowledgable bystander, combined with the app’s other mechanisms, it’s impossible not to consider the opinion that the app is acting like spyware.

In this scenario – in my opinion – Facebook appears as if it could be acting like a command and control server; their servers control Facebook app users’ phones.

The other app permissions for Facebook’s Android app are equally worrying, and help us understand what is going into our shadow profiles.

For the official Facebook app to run on an Android phone, “Facebook needs access to” a number of functions that seem antithetical to user privacy.

In Read Battery, Facebook obtains detailed information about which apps you use.

In Camera, this permission allows the app to use the camera at any time without your confirmation.

In Phone Calls the app can determine the phone number and device ID, whether a call is active, and the remote number connected by a call.

In Social Info, your agreement to use the app “allows the app to modify data about your contacts, frequency you’ve called, emailed or communicated in other ways with specific contacts. This permission allows apps to delete contact data.”

The Facebook for Android app also “reads your phone’s call log, including data about incoming and outgoing call and allows app to read data about your contacts stored on your phone including the frequency with which you’ve called, emailed or communicated in other ways with specific individuals.”

Under Network Communication it states the app can “download files without notification.”

With actions that could characterize the Facebook for Android app as PII stealing malware, or like an overt pseudo-FinFisher spying tool, it’s like Facebook has turned your phone into a perfect little spy device.

Read more

Hay, make sure that you are one of our Facebook fans [Click Here], or followers on Twitter [Click Here] and Google Plus [Click Here], to be updated with the latest news and Jailbreak - tweaks.

You Might Also Like:

Don’t forget to Support Us ‘Click Below‘ like and share [Tweet, Plus] this helpful, cool post with your friends, by hitting below.

Previous post:

Next post: