Facebook have been found to be downloading mobile numbers without permission from users who have downloaded their app to Android devices, even if they haven't signed in to the network via the app, or are not members of Facebook.
The bug was found by security firm Symantec, and reported to Facebook, who are said to be preparing an update to repair the problem.
Symantec said that the Facebook app had been found to be leaking phone numbers of users who had the app installed by its own mobile security software. The bug was said to be affecting any Android handset which had the app installed.
In a blog post, Symantec said: “The first time you launch the Facebook application, even before logging in, your phone number will be sent over the internet to Facebook's servers. You do not need to provide your phone number, log in, initiate a specific action, or even need a Facebook account for this to happen.”
The bug is said to have affected a significant number of the millions of users who have downloaded the Facebook app to their Android device.
As well as having prepared an update to the Facebook app for Android, Facebook have stated that all collected phone numbers have been deleted from their servers after they were notified of the issue.
The updated app is available to download as a Beta for anyone who registers, and should be available for all via the Google Play Store soon.
Source: Norton Mobile Insight