Facebook apps seeking home addresses could spell disaster

17 Jan 2011

Facebook’s decision to allow app developers to create apps that suck not only your telephone number but now your home address portends a dangerous new era for privacy and personal security, experts warn.

On Friday evening, Facebook made the announcement that third-party application developers are now able to access your home address and mobile phone number.

In effect, app developers have the ability to instantly grab your mobile phone number and home address, along with date of birth information that you would keep on your Facebook profile as soon as you agree to download an app.

While not everyone puts all of this information into their Facebook profile, many people do and often download apps on a whim; not realising the likelihood of their information ending up on a marketer’s database or in the wrong hands.

“I realise that Facebook users will only have their personal information accessed if they ‘allow’ the app to do so, but there are just too many attacks happening on a daily basis which trick users into doing precisely this,” said Graham Cluley of Sophos.

“Facebook is already plagued by rogue applications that post spam links to users’ walls, and point users to survey scams that earn them commission – and even sometimes trick users into handing over their cellphone numbers to sign them up for a premium-rate service.

“Now, shady app developers will find it easier than ever before to gather even more personal information from users. You can imagine, for instance, that bad guys could set up a rogue app that collects mobile phone numbers and then uses that information for the purposes of SMS spamming or sells on the data to cold-calling companies.

“The ability to access users’ home addresses will also open up more opportunities for identity theft, combined with the other data that can already be extracted from Facebook users’ profiles,” Cluley warned.

Personal safety

What Cluley didn’t say was that as well as identity theft, the ability to glean your home address could also arm criminals with precise information about you and where you live, opening up the threat of physical danger in a world where criminal gangs are amassing cyber skills on a daily basis.

“You have to ask yourself – is Facebook putting the safety of its (more than) 500m users as a top priority with this move?

“Wouldn’t it better if only app developers who had been approved by Facebook were allowed to gather this information? Or – should the information be necessary for the application – wouldn’t it be more acceptable for the app to request it from users, specifically, rather than automatically grabbing it?”

In other words, Facebook has a duty of care to its 600m constituents. They aren’t just users; they are people and they are the beating heart of everything Facebook has achieved to date. Trust is something you can’t play with.

“It won’t take long for scammers to take advantage of this new facility, to use for their own criminal ends,” Cluley said.

Cluley advises Facebook users to remove their home addresses and mobile phone numbers from their Facebook profiles now.

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years

editorial@siliconrepublic.com