Symantec has caught Facebook reaching for the cookie jar when it’s not allowed to. In a recent report, the security company claims that Facebook’s Android app is snatching people’s phone number without user permission, and worst of all the user doesn’t even have to log in for this to happen.
The Facebook app is undoubtedly one of the most popular apps in the Google Play store, as thousands of people are downloading the app each day. As noted by their scan, Symantec concludes that all a person has to do is launch the app without logging in and the Facebook server will automatically retrieve the person’s phone number.
Facebook said they were unaware of the app’s doing, and that the phone numbers are cleansed from the social network’s servers.
The Android operating system is known for having multiple security flaws, which consequently leads to the spawning of malicious apps. Google Play store is home to over 700K apps, but within many of these apps are security flaws that, if left unchecked, can have harmful (detrimental even) effects on not only the hardware but also the privacy of its users.
Symantec says that Facebook isn’t the only app to leak personal data without the user’s knowing. Considering Facebook is a top of the line app, it’s quite scary to think about the possibility of other top-tier apps conducting the same type of data mining.