Rogue Facebook apps can now access your home address and mobile phone number

Rogue Facebook apps can now access your home address and mobile phone number

In a move that could herald a new level of danger for Facebook users, third party application developers are now able to access your home address and mobile phone number.

Facebook has announced that developers of Facebook apps can now gather the personal contact information from their users.

Request for permission to access home address and phone number

I realise that Facebook users will only have their personal information accessed if they “allow” the app to do so, but there are just too many attacks happening on a daily basis which trick users into doing precisely this.

Facebook is already plagued by rogue applications that post spam links to users’ walls, and point users to survey scams that earn them commission – and even sometimes trick users into handing over their cellphone numbers to sign them up for a premium rate service.

Now, shady app developers will find it easier than ever before to gather even more personal information from users. You can imagine, for instance, that bad guys could set up a rogue app that collects mobile phone numbers and then uses that information for the purposes of SMS spamming or sells on the data to cold-calling companies.

The ability to access users’ home addresses will also open up more opportunities for identity theft, combined with the other data that can already be extracted from Facebook users’ profiles.

You have to ask yourself – is Facebook putting the safety of its 500+ million users as a top priority with this move?

Wouldn’t it be better if only app developers who had been approved by Facebook were allowed to gather this information? Or – should the information be necessary for the application – wouldn’t it be more acceptable for the app to request it from users, specifically, rather than automatically grabbing it?

It won’t take long for scammers to take advantage of this new facility, to use for their own criminal ends.

My advice to you is simple: Remove your home address and mobile phone number from your Facebook profile now. While you’re at it, go through our step-by-step guide for how to make your Facebook profile more private.

If you’re a Facebook user, you should also consider joining the Sophos Facebook page where we regularly discuss how you can use Facebook more safely, and warn of the latest scams and internet attacks.

You could also do a lot worse than check out our best practices for better privacy and security on Facebook guide.

Update: Judging by reactions on Facebook and Twitter, I’m not alone in finding this new ability for Facebook apps concerning. Here’s an example of how one user has responded:

Update: Facebook has temporarily rescinded this new option to further improve its clarity to users.