According to a report by Symantec, the current Facebook for Android app uploads your entire contact list to their servers even if you don’t have a Facebook account.
After launching an updated version of Norton Mobile Security, Symantec noted that among a huge list of apps secretly uploading private data to app developers’ servers, Facebook was identified as one of those pulling contact information from users’ address books and then secretly uploading them to Facebook’s servers.
What’s worse about the whole situation is that users who installed the app but never logged in with an account also suffered the same fate.
Facebook has since said that what occurred was actually an error in the app and that it should have never happened in the first place. They also said that all contact information was deleted from their servers, and will be fixing the problem via the app’s next update.
With hundreds of millions of users already installing the app, Symantec says that a significant portion of those are at risk or have already been affected by the flaw.