Third-Party Facebook Apps Could Have Access to Your Address and Phone NumberS

Starting now, you better pay pretty close attention to the dialog boxes that pop up when you try add third-party apps to Facebook. If you don't, you might end up giving them your address and phone number.

Facebook, in its infinite wisdom, has decided to allow third-party apps access to contact information (that is, whatever address and phone number you've put in your profile), so long as you click "Allow" in the permissions dialog box. But since this dialog box doesn't look substantially different from the basic permissions dialog—and since no network-wide announcement's been made that this is now an option—it's pretty easy to just click "Allow" and give Farmville (or any number of third-party app scammers) your cell number.

Why doesn't the contact information permissions have a separate, clearly-labeled dialog box? Why make it available automatically at all? Facebook should know better than this. And the news that contact information is now one of the many things third-party apps can mine for their own purposes shouldn't be dumped on the Facebook developer blog at 9 p.m. on a Friday, the way this was. I mean, Jesus, guys, you couldn't look sketchier if you tried.

But if you're still keeping your home phone and address in your Facebook profile, the joke's probably on you anyway. Facebook hasn't done much to demonstrate that it should be trusted with sensitive information like that. And why do you need your home address in your Facebook profile anyway? You could always do what one Graham Cluley reader suggests and change your phone number to 650-543-4800—Facebook customer service.

[Facebook; Naked Security]