Symantec has caught Facebook reaching for the cookie jar when it’s not allowed to. In a recent report, the security company claims that Facebook’s Android app is snatching people’s phone numbers without user permission, and worst of all, the user doesn’t even have to log in for this to happen.

Facebook app steals phone number without user knowing

“…Mobile Insight automatically flagged the Facebook application for Android because it leaked the device phone number. The first time you launch the Facebook application, even before logging in, your phone number will be sent over the Internet to Facebook servers. You do not need to provide your phone number, log in, initiate a specific action, or even need a Facebook account for this to happen.”

The Facebook app is undoubtedly one of the most popular apps in the Google Play store, as thousands of people are downloading the app each day. Based on its scan, Symantec concludes that all a person has to do is launch the app, without logging in, and the person’s phone number is automatically sent to Facebook’s servers.

Facebook said it was unaware of the app’s behavior, and that the phone numbers are cleansed from the social network’s servers.

The Android operating system is known for having multiple security flaws, which consequently lead to the spawning of malicious apps. The Google Play store is home to over 700K apps, but many of these apps contain security flaws that, if left unchecked, can have harmful (detrimental even) effects on not only the hardware but also the privacy of its users.

Symantec says that Facebook isn’t the only app to leak personal data without the user’s knowledge. Considering Facebook is a top-of-the-line app, it’s quite scary to think about the possibility of other top-tier apps conducting the same type of data mining.

Source: Symantec