Facebook iPhone app shares all your phone numbers

Contact Sync app takes numbers from your iPhone and pushes them to Facebook servers

Published 15:22, 06 October 10

Facebook is, once again, embroiled in a privacy mess: The social network is apparently publishing your private phone numbers to any and everyone without telling you.

If you have an iPhone and have used the Facebook app to sync your contact information, it's possible that all your friends contact details are now on the social network.

The Guardian's Charles Arthur reports that Facebook's Contact Sync feature links your friends' Facebook profile pictures to the contact telephone number in your iPhone address book. The app then pushes these private phone numbers onto Facebook's servers, and publishes them to Facebook's Phonebook app. The Facebook app also appears to share numbers for contacts that you don’t have, but your Facebook friends do. If you are logged onto Facebook, you can see your Phonebook here.

Kurt van Moos, who first wrote about this feature in January, says Facebook does this without your knowledge or consent. Once your iPhone is synced, Facebook will also match your phone numbers to people on Facebook, whether you are friends with them or not. If the application cannot make a match, it will create a new contact entry in your Facebook Phonebook using the contact details imported from your phone, and add a link to invite them to join Facebook.

Van Moos points out the privacy problems with this data collection: Can you be sure how Facebook, or its advertisers or partners, will use that data?

There are also huge security implications: If just one person's Facebook account were to be hacked, or if their iPhone were stolen, then many people's personal details would be revealed.

Meanwhile, ElectricPig asks if this is in breach of Apple's iTunes store policy:

"Firstly the syncing of your iPhone contacts by the Facebook iPhone app could be construed as a hidden feature. That would be in contravention of Apple’s App Store Review guideline 2.4: “Apps that include undocumented or hidden features inconsistent with the description of the app will be rejected.”

"Secondly and perhaps more importantly, the Facebook iPhone app seems to ignore Apple’s rules on user consent, specifically point 7.1 which states: “Apps cannot transmit data about a user obtaining the user’s prior permission and providing the user with access to information about how and where the data will be used.”

But the story has been blown out of proportion, according to AllFacebook, the blog that calls itself the unofficial Facebook resource. Nick O'Niell at AllFacebook writes: "Looks like Facebook users are being duped again. This time, thousands of users believe that their phone numbers are being exposed in a way that puts them at risk. Fortunately, this is not the case... For those who aren’t aware, the 'Facebook Phonebook' is a feature that enables you to easily keep track of your friends’ phone numbers, including the ability to sync it with your own mobile devices."

O'Niell then goes on to detail how to hide your private phone numbers on Facebook, by either removing it from your profile or changing your privacy settings.

To be extra secure, I recommend removing yourself from Facebook Phonebook though this link, which appears to be down at the moment - possibly due to high demand.