Facebook API gives apps access to your phone number and address

Despite repeated concerns over Facebook's privacy policies, the social network is giving third-party app makers even more access to your private information, as a new API hands over your phone number and home address to developers.

The API does, of course, come with stringent rules and limitations to stop your data ending up in the wrong hands. As with any other piece of information, a Facebook-branded pop-up will request your permission before handing over data, developers won't be able to see your friends' information, and the access and use of your data is strictly governed by Facebook's Platform Policies.

But security experts are still concerned about the new API, with Sophos Security's Graham Cluley writing "shady app developers will find it easier than ever before to gather even more personal information from users.

"Bad guys could set up a rogue app that collects mobile phone numbers and then uses that information for the purposes of SMS spamming," he suggests. "The ability to access users' home addresses will also open up more opportunities for identity theft."

While rules are in place to stop your information getting out there, they aren't always followed. "Facebook is already plagued by rogue applications that post spam links to users' walls and point users to survey scams that earn them commission," Cluley says.

We saw a clear example of data abuse late last year, when some app developers were found to be inadvertently circumventing Facebook's rules, and broadcasting users' unique ID numbers. That gave easy access to users' shared data, which was quickly snapped up by advertising networks.

The apps were deleted and the developers received some hefty punishment from Facebook, but the information was already out there.

In the last hour or so, Facebook has responded to the concerns, and has pledged to "help ensure you only share this information when you intend to do so." To this end, Facebook has temporarily disabled the feature, and will re-enable it in the next few weeks to "make people more clearly aware of when they are granting access to this data."

This article was originally published by WIRED UK