The Rewards and Risks of Facebook Developer Access to User Phone Numbers and Addresses

Facebook has begun allowing developers to ask users for their mobile phone numbers and home addresses in a move that will show the best and worst of the Facebook Platform. Most critics have immediately focused on how greedy developers will request the data in order to spam users, which is a valid concern. But the access will also enable the creation of apps that keep friends connected via SMS and facilitate ecommerce by pre-populating delivery details.

Though the risks are high, Facebook should not impede innovation for fear of spammers, but instead push forward while minimizing negative outcomes by helping users make more informed decisions.

Reduce Risk through Clarity

The biggest problem with access to contact information is that the permission requests for these highly sensitive data fields are not distinguished from requests for more benign data like a user’s Event RSVPs or privileges like publishing to their stream. Some apps ask for a stack of a half dozen permissions, so users have learned to blindly click “Allow” to speed through to the desired application rather than read them all, assuming they aren’t giving away anything too valuable, or can revoke access later.

Facebook should slow users down and convey the dangers of permitting access to contact info more clearly by making this request a separate step with a bold warning, rather than a quiet, uniform addition to the list of permissions users are familiar with, as we suggested upon seeing the announcement. This would reduce the threat without forcing Facebook to adopt an unscalable system such as approving developers’ access to this part of the Graph API on a one-by-one basis.

Meanwhile, the change could prompt unscrupulous developers to build apps that intentionally ask for a lot of permissions in order to mask that they are pulling the contact information from unsuspecting users. If they succeed, users will become inundated with spam and blame Facebook for this negative experience, leading to a drop in quality and trust in the Platform.

It’s important to remember that Facebook has long prohibited developers from sharing any user data with third parties. Users have been granting permission to some kinds of valuable data, including their current location and email address, without widespread problems.

When there have been issues, such as when data broker Rapleaf and developers were caught buying and selling User IDs that did not even contain private data, Facebook has policed accordingly. Data privacy is an inherent problem with developer platforms, but the issues are balanced by the benefits generated by the fun and useful apps that live on them.

One troubling fact is how Facebook announced this major change. Instead of appearing in a dedicated post with mention of the potential risks, it was merely part of a weekly dispatch about bug fixes and migration deadline extensions — with no commentary on its impact. It was published on Friday evening of a three-day weekend, at 8:16pm PST, diffusing immediate feedback, and later the post’s timestamp was changed to 6:00pm. If people are going to trust that the site has their well-being in mind, Facebook needs to concentrate on mitigating risks for users, not minimizing backlash to itself.

The Rewards of Mobile Phone and Address-Aware Apps

There are many benefits to allowing developers to ask users for their contact information. Mobile phone number access could power apps that act as up-to-the-minute communication hubs between groups of friends, allowing members to be notified by SMS when friends are nearby, want to plan an event, or upload new content. Home address access could let ecommerce sites pre-populate delivery details during checkout, leveling the playing field so smaller merchants can compete with established giants like Amazon that have already forced users to type in their address manually.

Other potential apps could allow you to share an electronic business card with others; get text message updates about group deals, news, or game activity; discover businesses that are close to home; or instantly sign up to receive physical catalogs or coupons via snail mail. While Facebook’s hasty development might challenge the beliefs of some, it doesn’t make sense to delay these useful additions in an attempt to protect users.

Many technologies come with associated risks. Airplanes crash and medicines have side effects, but these advances, as well as platforms like Facebook’s, are the future. The user base will need education so they understand how to recognize and assess risks for themselves, and this first incarnation of mobile phone number and home address extended permissions doesn’t provide it. However, Facebook is doing the right thing by giving users the choice of what to share, even if it is currently doing it in the wrong way.