Facebook should make effort to eliminate rogue apps providers: Sophos

by CXOtoday Staff    Jan 18, 2011

securityIT security and control firm, Sophos, is advising users of Facebook to remove their addresses and phone numbers from the site, after the social network plunged itself into controversy by announcing to developers that users ‘off-site contact details will now be accessible programmatically.

In a move that, in the opinion of a Sophos security expert, could herald a new level of danger for Facebook users, third party application developers are now able to access your home address and mobile phone number.

“This change isn’t as drastic as it might first appear, because users will need to give permission for third-party Facebook applications to access this data,” explained Graham Cluley, senior technology consultant, Sophos. “But it still sounds like a recipe for disaster, given the prevalence of rogue scam applications already on Facebook - all of which benefit from apparently being blessed by the Facebook name and brand,” he stated.

The company claimed that, Facebook is already plagued by rogue applications that post spam links to users’ walls, point users to survey scams that earn them commission - and sometimes even trick users into handing over their cell phone numbers to sign them up for a premium rate service. Sophos believes that the networking site should be making a more publicly visible effort to eliminate rogue application providers first, before opening up such valuable and easily abused personal information to its developer community.

“Facebook told its alleged one million app developers how to ask users for permission to access this newly liberated data late on Friday night, but we already know many users don’t bother reading the small print and just click the button without thinking of the consequences,” continued Cluley. “What they’ve failed to do is explain how Facebook will become more safety-conscious now that it has taken this controversial step.”

However, interestingly, suggestions are flying around Twitter that users should change their mobile number to that of Facebook’s US customer service line, thus ensuring that any misuse of this new feature ends up paining Facebook.