On Friday night at exactly 9:00 p.m. Jeff Bowen posted a new entry on the Facebook Developer blog, that it would give developers of applications access to the contact information of users who install their apps. “These permissions must be explicitly granted to your application by the user via our standard permissions dialogs,” Facebook’s Jeff Bowen said. “Please note that these permissions only provide access to a user’s address and mobile phone number, not their friend’s addresses or mobile phone numbers.”
Facebook admitted that the information is sensitive. Within hours, regular Facebook users who would, presumably, stay away from a blog for developers under most circumstances, were attacking the blog post. “Before you even consider implementing this very intrusive feature, Facebook needs to stop the scammers from making rogue applications and scamming people,” one user wrote. Another followed: “We, as users do NOT condone allowing third party application being allowed access ot our physical addresses nor telephone numbers (sic).”
Probably the most important information from a Facebook user perspective is the integration of a user’s address and mobile phone number as part of the User Graph object. It basically means that application developers can now request permission to access the user’s contact information on Facebook.
Active Facebook users see those prompts on a regular basis, and it is likely that the majority clicks on the Allow button without reading the permission request first to play the game or access the app.
Graham Cluley, of anti-virus and security firm Sophos, warns: “Now, shady app developers will find it easier than ever before to gather even more personal information from users.
“You can imagine, for instance, that bad guys could set up a rogue app that collects mobile phone numbers and then uses that information for the purposes of SMS spamming or sells on the data to cold-calling companies.
“My advice to you is simple: Remove your home address and mobile phone number from your Facebook profile now.”
Facebook says that because this is sensitive information to give out, users agree to give permission to the apps to access their phone number and address when they first add the application. However, users are most likely going to miss the words phone number and address in their scurry to get the applications.
Wouldn’t it better if only app developers who had been approved by Facebook were allowed to gather this information?