According to Norton Mobile Security, Facebook's Android app leaks users' phone numbers without asking permission first. Apparently, the app sends this information to Facebook servers when it's first launched, even before the user logs in! This means that hundreds of millions of users who downloaded the app – even those who don't have Facebook accounts – unwittingly provided their phone numbers to Facebook.
Now, clearly this is a big deal: not only does Facebook have unbridled access to hundreds of millions of phone numbers, but they got these numbers without asking first. Norton reached out to the company, but their response has been lackluster. They stated they "did not use or process phone numbers" and have "deleted them from their servers." Do you believe them?
There have also been reports of Facebook asking users to verify their phone numbers at login, so it doesn't seem like the company is being entirely honest about "not using" this information.
Sure, some might say, "This is Facebook; you shouldn't expect privacy," but some users didn't even download the app. Verizon, for example, pre-installs Facebook on some Android phones.
What can you do about it? Besides not downloading Facebook, you can also root your device and install an app called "Permissions Denied" to firewall any app permissions you'd like. Such a feature should be baked into Android's OS, but sadly isn't.
But I'm guessing for the majority of people, this won't come as much of a shock, and I doubt there will be any serious protests about it. The general public has now been conditioned to not expect privacy in any situation online, especially when Facebook is involved.