Facebook iPhone app shares all your phone numbers
Contact Sync app takes numbers from your iPhone and pushes them to Facebook servers
Published 15:22, 06 October 10
Facebook is, once again, embroiled in a privacy mess: The social network is reportedly publishing your private phone numbers to any and everyone without telling you. If you have an iPhone and have used the Facebook app to sync your contact information, it's possible that all your friends contact details are now on the social network.
The Guardian's Charles Arthur reports that Facebook's Contact Sync feature links your friends' Facebook profile pictures to the contact telephone number in your iPhone address book. The app then pushes these private phone numbers onto Facebook's servers, and publishes them to Facebook's Phonebook app. The Facebook app also appears to share numbers for contacts that you don’t have, but your Facebook friends do. If you are logged onto Facebook, you can see your Phonebook here.
Update: For me, the Facebook phonebook seems to contain numbers friends have posted publicly on their profiles. I have tried to double-check this with my FB friends, but not everyone has gotten back to me yet. However, Charles Arthur and Kurt van Moos (see below) both found numbers that were inaccurate and were displaying numbers that were meant to be private. So it is still unclear whether Facebook will display my number if one of my friends syncs their iPhone contacts with Facebook. Or if it does, whether it is only my friend that sees it, or the whole world.
But The Guardian's Arthur reports that:
Kurt van Moos, who first wrote about this feature in January, says Facebook does this without your knowledge or consent. Once your iPhone is synced, Facebook will also match your phone numbers to people on Facebook, whether you are friends with them or not, says Van Moos. If the application cannot make a match, it will create a new contact entry in your Facebook Phonebook using the contact details imported from your phone, and add a link to invite them to join Facebook.
Van Moos points out the privacy problems with this data collection: Can you be sure how Facebook, or its advertisers or partners, will use that data?
There are also huge security implications, according to Charles Arthur: If just one person's Facebook account were to be hacked, or if their iPhone were stolen, then many people's personal details would be revealed.
Meanwhile, ElectricPig asks if this is in breach of Apple's iTunes store policy:
"Firstly the syncing of your iPhone contacts by the Facebook iPhone app could be construed as a hidden feature. That would be in contravention of Apple’s App Store Review guideline 2.4: 'Apps that include undocumented or hidden features inconsistent with the description of the app will be rejected.'
"Secondly and perhaps more importantly, the Facebook iPhone app seems to ignore Apple’s rules on user consent, specifically point 7.1 which states: 'Apps cannot transmit data about a user obtaining the user’s prior permission and providing the user with access to information about how and where the data will be used.'
But the story has been blown out of proportion, according to AllFacebook, the blog that calls itself the unofficial Facebook resource. Nick O'Niell at AllFacebook writes: "Looks like Facebook users are being duped again. This time, thousands of users believe that their phone numbers are being exposed in a way that puts them at risk. Fortunately, this is not the case... For those who aren’t aware, the 'Facebook Phonebook' is a feature that enables you to easily keep track of your friends’ phone numbers, including the ability to sync it with your own mobile devices."
O'Niell then goes on to detail how to hide your private phone numbers on Facebook, by either removing it from your profile or changing your privacy settings.
Update: People in the comments below also seem to think this issue is overblown. I reiterate that you if you are worried about your privacy at all, you should change your privacy settings on Facebook. There is a whole different discussion we could have here about companies that use the opt out model of privacy, which puts the onus on users to be responsible with their data and control the way their information is displayed. Some people want websites like Facebook to make it easier for its users to protect their information, other people think it's a 'buyer beware' issue. In short, if you don't want to share something, don't share it.
To be extra secure, I recommend removing yourself from Facebook Phonebook though this link, which appears to be down at the moment (possibly due to high demand).
Update: Thanks for your feedback below. I am awaiting comment from Facebook, and will update this story again once I've had some more clarification.