14 DAY TRIAL // Facebook has temporarily suspended the recently released permissions that gave apps access to user contact information in order to address people's concerns about the feature.
Last Friday, Facebook announced the addition of two new permissions called user_address and user_mobile_phone that apps could start requesting upon installation.
One has to wonder why the company chose to announce a feature with such a big privacy impact only on its "Developer Blog," with a very technical title and on a Friday evening.
Thankfully, the media caught wind of the change fast and spread the word, which generated quite a backlash from the community.
Security researchers have expressed concern that permission request dialogs are so common that users instinctively agree to them without paying attention to the listed privileges.
This is already being exploited to build social spam botnets by tricking users into installing rogue apps with the "post on your wall" permission.
Fortunately, it seems in this case Facebook was willing to listen and re-evaluate its decision. "[...] We are making changes to help ensure you only share this information when you intend to do so," announced Douglas Purdy, Facebook's director of Developer Relations.
"We’ll be working to launch these updates as soon as possible, and will be temporarily disabling this feature until those changes are ready," he added.
Whether the changes will satisfy the need of security conscious users while also managing to serve the interests of developers, remains to be seen.
"The best solution would be to permit users to provide this data, via a dropdown or checkbox, when they choose to add an application, but it should not be required," says Chester Wisniewski, a senior security advisor at Sophos.
This way people would be able to decide themselves if they opt for security and privacy or for convenience, or if the application is worth the permission or not.