Symantec discovers phonebook leak in Facebook for Android app

Bradley Wint
By: - 28th Jun 2013
email hidden; JavaScript is required

According to a report by Symantec, the current Facebook for Android app uploads your entire contact list to their servers even if you don’t have a Facebook account.

After launching an updated version of Norton Mobile Security, Symantec noted that among a huge list of apps secretly uploading private data to app developers’ servers, Facebook was identified as one of those pulling contact information from users’ address books and then secretly uploading them to Facebook’s servers.

What’s worse about the whole situation is that users who installed the app but never logged in with an account also suffered the same fate.

Facebook has since said that what occurred was actually an error in the app and that it should have never happened in the first place. They also said that all contact information was deleted from their servers, and will be fixing the problem via the app’s next update.

With hundreds of millions of users already installing the app, Symantec says that a significant portion of those are at risk or have already been affected by the flaw.

Get more awesome stories shipped directly to your inbox

Want a daily dose of awesome in your inbox? Sign up for our newsletter featuring fresh and popular content.