On Friday, on its developer's blog, Facebook said it made changes to the dialog box that pops up when users download third-party apps. The dialog box asked the user's permission to collect their mobile phone and address information when downloading the app. The move drew concern from the security community, and after feedback form users -- which was largely negative -- Facebook said it is disabling the feature for the time being.
Over the weekend, we got some useful feedback that we could make people more clearly aware of when they are granting access to this data. We agree, and we are making changes to help ensure you only share this information when you intend to do so. We'll be working to launch these updates as soon as possible, and will be temporarily disabling this feature until those changes are ready. We look forward to re-enabling this improved feature in the next few weeks, Facebook developer Douglas Purdy said in his blog.
A spokesperson for Facebook could not be reached for further comment.
Originally, Facebook put up the blog post and security professionals expressed concerns about the change. Graham Cluey, a privacy expert from Sophos, said there are too many attacks happening on a daily basis which trick users into allowing their information to be accessed. Chester Wisniewski, senior security advisor at Sophos, expressed similar sentiments, saying Facebook has pushed the boundaries of privacy for a long time.
We've seen huge quantities of personal scammers, redirecting that information to other money making schemes. They make a geunine effort, they have great security people over there, but with 500 million users, they are a huge target. Some of these actions, getting people to share personal data, is asking a lot of users from a trust standpoint, Wisniewski said.
Wisniewski said Facebook should enact opt in for the sharing of all information with third party developers. This would force users to choose explicitly, rather they having to opt out through nag boxes.
They are nag boxes. It's getting you to agree to give your information to developers through a pop up that you say 'yeah, I just want to get past this, so you agree to whatever is put in front of you, Wisniewski said.
He recommended users remove their home address and mobile phone number from Facebook if they aren't comfortable. If you wouldn't put your address and phone number on a sticky post and put it on a lamp post in the street, then don't put that information in your Facebook profile, Wisniewski said.