Douglas Purdy, director of developer relations for Facebook, said in a blog post that the site is "making changes to help ensure you only share this information when you intend to do so."
On Friday, Facebook said it would make user phone numbers and addresses available to developers via the company's "User Graph object," or the permissions required to install an app. When a user installs an app, they currently see a menu that details what information the app must access. Facebook planned to add phone numbers and addresses to the list of accessible information.
Users had to give developers permission to access this data, and it did not extend to their friend's addresses or mobile phone numbers, but the move still prompted concern in the security community.
Sophos's Graham Cluley said the policy "could herald a new level of danger" for Facebook members. Even though the feature is permissions-based, "there are just too many attacks happening on a daily basis which trick users into doing precisely this," he wrote in a blog post.
"Over the weekend, we got some useful feedback that we could make people more clearly aware of when they are granting access to this data," Purdy said Tuesday, though he did not elaborate.
"We'll be working to launch these updates as soon as possible, and will be temporarily disabling this feature until those changes are ready," he wrote. "We look forward to re-enabling this improved feature in the next few weeks."
Purdy reiterated that sharing phone and address information is voluntary and could be useful for certain apps.
"With this change, you could, for example, easily share your address and mobile phone with a shopping site to streamline the checkout process, or sign up for up-to-the-minute alerts on special deals directly to your mobile phone," Purdy wrote.
In a Tuesday blog post, Sophos's Chester Wisniewski said "it is great news that Facebook is responding to the outrage about this recent change, but I wonder if most users will be satisfied with their eventual solution."
"The best solution would be to permit users to provide this data, via a dropdown or checkbox, when they choose to add an application, but it should not be required," Wisniewski wrote. "Users who want the convenience that Facebook is offering should be able to choose to share their information, but those of us who are more security conscious should be able to opt out and elect to type it in when necessary."
Source:pcmag.com
