Today we released a new version of Norton Mobile Security for Android devices that contains our new Norton Mobile Insight technology. Mobile Insight has analyzed over 4 million Android applications and processes tens of thousands of new applications every day. Through automatic and proprietary static and dynamic analysis techniques, Mobile Insight is able to automatically discover malicious applications, privacy risks, and potentially intrusive behavior. Further, Mobile Insight will tell you exactly what risky behavior an application will perform and give you specific, relevant, and actionable information.
The ability of Mobile Insight to automatically provide granular information on the behavior of any Android application even surprised us when we reviewed the most popular applications exhibiting privacy leaks.
Of particular note, Mobile Insight automatically flagged the Facebook application for Android because it leaked the device phone number. The first time you launch the Facebook application, even before logging in, your phone number will be sent over the Internet to Facebook servers. You do not need to provide your phone number, log in, initiate a specific action, or even need a Facebook account for this to happen.
According to Google Play, hundreds of millions of devices have installed the Facebook application and a significant portion of those devices are likely affected.
We reached out to Facebook who investigated the issue and will provide a fix in their next Facebook for Android release. They stated they did not use or process the phone numbers and have deleted them from their servers.
Unfortunately, the Facebook application is not the only application leaking private data or even the worst. We will continue to post information about risky applications to this blog in the upcoming weeks.
In the meantime, if you wish to verify if your Facebook app or other applications are leaking private information, you can download Norton Mobile Security with Norton Mobile Insight and scan your device. You may be surprised at what your applications are leaking about you.