James Delahunty
29 Jun 2013 5:02
Symantec's Norton Mobile Security for Android discovered a strange behaviour in Facebook's Android app that leaks the device phone number even without logging in.
The latest version of Norton Mobile Security for Android contains the new Norton Mobile Insight technology, which has analysed over 4 million Android apps and processes tens of thousands of new apps every day. Mobile Insight is able to automatically discover malicious applications, privacy risks, and potentially intrusive behavior.
Symantec notes one surprising flag raised by Mobile Insight. It automatically classed the Facebook app for Android because it leaked the device phone number. This happened when the application was launched, even before attempting to login. You clearly didn't need a Facebook account, it would simply send the device phone number to Facebook.
Symantec contacted Facebook about the problem, and the social network said it will provide a fix in its next app update for Android. It also said that any gathered phone numbers have been deleted and were never used in any way.