Facebook has, rather quietly, moved to allow developers to access users’ home addresses and mobile phone numbers.
It announced on its developers’ blog over the weekend that the information will be accessible as part of the User Graph object, where users have given permission.
“Please note that these permissions only provide access to a user’s address and mobile phone number, not their friend’s addresses or mobile phone numbers,” it says.
However, there’s concern that many users will simply click ‘allow’ without noticing the difference or realising the implications. In any case, says Graham Cluley of security firm Sophos, it’s simply another tool for fraudsters to exploit.
“I realise that Facebook users will only have their personal information accessed if they ‘allow’ the app to do so, but there are just too many attacks happening on a daily basis which trick users into doing precisely this,” he says.
“Facebook is already plagued by rogue applications that post spam links to users’ walls, and point users to survey scams that earn them commission – and even sometimes trick users into handing over their cellphone numbers to sign them up for a premium rate service.”
Cluley says that dodgy app developers will now find it easier to gather personal information from users.
“The ability to access users’ home addresses will also open up more opportunities for identity theft, combined with the other data that can already be extracted from Facebook users’ profiles,” he says.
Facebook says it’s pretty hard to miss the permissions box, and that the move is intended to make users’ lives easier.
“For more than a decade, people have been going from website to website and entering their address every time they buy something that needs to be shipped, or their phone number when they might need to be called or sent an SMS to track an order or for general customer service,” it says.
“We saw an easy way to solve this problem in a way that can enable more efficient and user-friendly applications on the web in areas like commerce, ticketing and events. For example, a frequently used e-commerce application or website is better when it has your address stored for a faster checkout.”
Facebook also points out that most peoples’ names and addresses are freely avaialble in the phone book – although the phonebook doesn’t normally link that information to one’s relationship status or list of friends, for example.