Facebook API Bug Deletes Contact Info On Phones

An anonymous reader writes "If you thought that Facebook's recent unannounced change of its users' email address tied with their account to Facebook ones was bad, you'll be livid if you check your mobile phone contacts and discover that the change has deleted the email addresses of many of your friends. According to Facebook, the glitch was due to a bug in its application-programming interface, and causes the last added email address to be pulled and added to the user's phone Contacts. The company says they are working hard at fixing the problem, but in the meantime, a lot of users have effectively lost some of the information stored on their devices."

Well deserved

[icebike]

Any fool who syncs their phone with Facebook deserves all the pain they are likely to get.
The sad part is they inflict some of this pain on innocent bystanders who they happen to have in their phone books.

Re:Well deserved

[HapSlappy_2222]

Hmm. I dunno about that. I sync gmail to my phone. My company uses a gmail document repository, too, which I also sync. I sync to my phone's backup server. And I sync to my business Facebook account, too, to see posts, read Facebook chats, etc without having to whip out a laptop or bring up my phone's browser. I also have some apps that interact with Facebook for various reasons.

I feel I have some pretty good reasons to sync my phone to quite a few web services, including Facebook. I don't trust Facebook at all in my personal life, but deleting data from my business phone's contacts is a major, major screw-up, and nobody would have expected even Facebook to fail this hard. That said, anybody I knew outside of Facebook has a separate contact in my phone, anyway, but had I not taken that precaution, who knows how bad it could have been.

Re:Well deserved

[AaronLawrence]

and nobody would have expected even Facebook to fail this hard

Huh? Facebook has pretty stated that their strategy is to try major, risky changes at high speed and retract them if necessary. A careful, backwards-compatible, regression tested release process is the opposite of what they do.

So: I would say anyone trusting facebook with their critical data is a fool.

Re:Well deserved

[HapSlappy_2222]

That's exactly what it's for. I run a small print shop, and fully half my business comes through word of mouth on the site's FB account.

Yea right a 'glitch'

[arcite]

Like most consumers are going to believe this. Of course, what right to they have to complain? FB is a free product and users willingly sign away every semblance of their privacy. Don't want to get burned? DON'T USE FB!

Re:Yea right a 'glitch'

[kidgenius]

Like most consumers are going to believe this. Of course, what right to they have to complain? FB is a free product and users willingly sign away every semblance of their privacy. Don't want to get burned? DON'T USE FB!

No, FB is NOT a free product. Facebook charges quite a bit for the privilege of your ads being displayed to users. The users are the product, not the customer.

Re:Yea right a 'glitch'

[Schmorgluck]

No, I really think it's a glitch, because it's totally incoherent with their business model: Facebook deleting personal data? That would be new!

Re:Yea right a 'glitch'

[vlueboy]

FB is a US company subject to our laws. So you're forgetting several things. To help you recall them more clearly, see this example:

1) Your company succeeds to legally attract all 500 of your local neighborhood's children daily under the pretense of giving AWAY ("free", see?) food and candy. Everyone wins: parents bring them in daily since they no longer pay for kid's food and socialization sounds good to them and feels great for their kids... what's there to lose?

2) On the not-so-well appreciated side is the team covering the costs in exchange for monitoring EACH child closely behind 2-way walls for behaviors, choices of candy and identifying clothing trends and optimizing their products for future sales to the community's children.

3) At some point, the food starts making a select few children's teeth ALL fall out.

4) THIS. IS. AMERICAAAAA! Ergo, the next step is in this analogy in the real world would be "Lawsuits! Lawsuits, of course! Free doesn't mean we're your guinea pigs and my loss is your loss"

But given that we're talking about 'damage' + "on the innn-ternet" our laws do not fully have any meaning most of the time and the crime is allowed to continue thanks to how far behind the governments are in paying attention and lazily adapting old laws to new problems without losing lobby money.

The children's teeth will not come back on their own for those who lost, so they'll probably go elsewhere, but all the other kids are addicted to daily free food and gameplay... parents have been saving cash and WON'T leave because they rationalize the chance of loss against their chances of saving. Ergo, free is still better unless your child gets hit with the next russian roulette round.

Dipshits

[cpu6502]

Facebook's programmers have made one mistake after another. I first noticed it when they started redirecting my tablet from the www. to the mobile site. Bastards. They shouldn't be forcing me to a site I don't want to use.

Then they changed my email to cpu6502@facebook.com. And now this story about the programmers erasing cellphone data "by mistake". Does Facebook hire monkeys to do their coding?

Re:Dipshits

[chill]

Yet still you have a Facebook account. Why exactly should they set the bar higher if all their screw-ups do is get them more free publicity?

Every time FB fucks up, the online world whines like it is the end of life as we know it. All you're doing is confirming to FB that you're addicted and can't live without them.

Why again should they change? You're their bitch and they like it that way.

Re:Dipshits

[cpu6502]

Because I like facebook's free service, just as I like free TV or free online magazines or free Firefox or free Opera or free Lubuntu. I just wish facebook was as competent as the other guys.

If I was paying then yes I'd certainly cancel the account, just as I canceled Comsucks. I'm more tolerant of mistakes on free services (since technically I lose nothing) than I am of mistakes for paying services.

Re:Dipshits

[ZosX]

Does Facebook hire monkeys to do their coding?

I think they should begin recruiting monkeys. It can't make things any worse.

Re:Dipshits

[jimicus]

I can understand they might provide some new @facebook address for you, but can't you just ignore it entirely? Presumably your friends would email you at the address they always used to, unless you told them otherwise.

Did you even RTF Headline? His friends won't email him at the address they always used to, they'll email the @facebook address because Facebook has thoughtfully updated all their address books for them.

Bug?

[Parafilmus]

It seems a bit disingenuous to call this a "bug."

The API was operating as designed: when a friend lists a new email address, my address book is updated to reflect it. That's normal behavior.

The "bug" in this case was Facebook's decision to modify their users' contact info without permission. The API is not to blame here.

Re:Bug?

[zlives]

+1

Re:Bug?

[gweihir]

Indeed. Highly unethical. They have no business changing data under user control. At least here (Switzerland) it may actually be a criminal act to do so without asking permission ("Datenbeschaedigung").

At the same time, it was also utterly incompetent, because you do no change important data on devices you do not control without being extremely careful. As in making backups.

Re:Bug?

[John+Hasler]

The "bug" in this case was Facebook's decision to modify their users' contact info without permission.

Nonsense. You gave them persmission when you enabled "syncing". Only a fool would allow an advertising agency with which they have no contract to not only run unaudited software on a computer containing their only copy of important data but also permit that software write access to the data.

Re:Bug?

[kidgenius]

Agreed. This is not a bug. It is an unintended consequence of the choices they made. The API is syncing as you would expect. When an email address changes, it updates to change to the new address. What FB didn't realize was that when they defaulted everyone's email address to their own, that when their sync occurs, it would do exactly what they had expected it to do. Someone just didn't think that this would cause a problem when it trickled down.

Re:Bug?

[bruno.fatia]

You do realize that same sentence could apply to Google with Android OS? Only that they do have full root control on your phone.

PS: I do use an Android phone with sync to Google servers.

The real issue is with permissions

[sabri]

While a lot of people (and trolls) will bash Facebook and its coders, the real issue here is the broken permissions system on Android and Iphone.

When you install an application such as Facebook, you are forced to grant more permissions than is good for you, opening up your phone for bugs like this. Those permission systems should be fixed (as well as the bug).

Re:The real issue is with permissions

[bbecker23]

Permissions Denied has always worked well for me in limiting unwanted permissions. Admittedly, a third-party app shouldn't be needed for this, but solutions are out there.

https://play.google.com/store/apps/details?id=com.stericson.permissions&hl=en

Re:The real issue is with permissions

[gweihir]

While a lot of people (and trolls) will bash Facebook and its coders, the real issue here is the broken permissions system on Android and Iphone.
 

No. Not really. Whenever you want to change date under user control you a) ask them first and b) be very, very careful, and make a full backup of the old data. At least any halfway competent developer or sysadmin knows that. True, most screw-ups have multiple causes, as does this. But the fact remains that Facebook demonstrated extreme incompetence and complete disregard for their users here, and they did if motivated by greed. That is completely unacceptable.

Re:The real issue is with permissions

[Trepidity]

In this case I don't think that's the underlying problem: even if it were opt-in, a lot of users would opt in to syncing email addresses, because in the normal case that's what they want. If a friend leaves company A and goes to company B, updating the address in your phone is convenient. What's less convenient is Facebook changing their email address when the old one was still valid and the friend didn't actually remove it...

Re:The real issue is with permissions

[mlts]

On Android, I would recommend LBE Privacy Guard (requires root) to ensure FB keeps its sticky fingers out of the contacts.

On iOS, it requires jailbreaking, but there is a Cydia app called PMP or Protect My Privacy which will allow FB to have what it thinks is a contact list... when in reality, it is getting randomly generated garbage.

Either way, FB gets nothing that it shouldn't have if you know what you are doing.

Re:The real issue is with permissions

[Anubis+IV]

On iOS, rather than jailbreaking, you can just wait until later this month when iOS 6 comes out, since it has built-in controls for granting/restricting each application's access to your contacts.

Re:The real issue is with permissions

[Anubis+IV]

Aside from iOS 6 having Facebook integration, none of what you said is true.

The Facebook integration iOS 6 is adding is like the Twitter integration they added in iOS 5. You can log in from one place in your global settings, and then share content from a number of places throughout the device. The device will be pulling your friends from Facebook and making them visible in your Contacts app, but that information isn't flowing the other way by default, meaning that Facebook doesn't get free access to your contacts. As for removing it, it's entirely optional to enable it in the first place, and if you decide you don't like it, you can simply disable it later.

Re:The real issue is with permissions

[Rich0]

Or, maybe there is a choice other than using an application with a suboptimal experience, or using a lousy interface?

I use LBE Privacy Guard. It blocks most of the more intrusive application behaviors but still lets me use the applications (unlike alternative implementations like CyanogenMod's, which usually just crashes the applications and the people who add it insist that you shouldn't be using it anyway).

Take-it-or-leave-it is a lousy design, and it is an unnecessary one. When displaying the user a list of permissions let them select which ones to grant, and the API should not allow an application to reliably detect which permissions were granted, so that they can't cause bugs. If you don't grant access to contacts, then the application doesn't see any contacts, and if they add new ones they go into a private namespace that nothing else sees. If you don't grant access to location, then the GPS is "turned off" 24x7. If you don't grant access to the network then there is no network service. That keeps app designers from "punishing" users who block access (believe it or not I've seen this kind of behavior).

Wow, thanks

[Georules]

Thanks for the heads-up. I promptly uninstalled the facebook app from my phone. I have way too many email addresses in my contacts that I can't afford to lose. My contacts aren't just my contacts on my phone, I use those contacts for gmail. Facebook is going to have to find a really good reason for me to care to reinstall the app.

Thanks Google

[bazald]

For the first time, I appreciate your API changes which broke direct contact synchronization through the Facebook app.

Incompetents

[gweihir]

That is why you do not change data under your user's control, without a) giving them a warning and ask them to opt-in and b) making backups. Any halfway competent software engineer or system administrator knows that. Apparently, Facebook does not have such people and is still half-assing it. These people are really a disgrace.

Demand a refund.

[vlm]

I think they should demand a refund of their subscription fee.

Re:Hmmmmm...

I know there's some reason people continue to use Facebook. I just have a hard time imagining what it is.

10 users 'like' this post.

the bizarre part of FB

Here's the really bizarre thing.

Of my FB using friends (eg most of them), about 80% claim to hate Facebook. Yet, they continue to use it. It's like abused-wife syndrome or something. They all go on and on about how it sucks, but they keep going back to him because maybe this time he won't hit me.

It looks to me surely like they are insane. I seem to do just fine iwthout using Facebook at all. I still have a social life, I still interact with my friends online, I still chat w/ ppl and email them, I still know what's going on.

So why the fuck do people keep using it, if they hate it so much? It seems like some weird case of otherwise smart ppl suddenly becoming dumb as rocks.

Re:the bizarre part of FB

[cant_get_a_good_nick]

It s not that Facebook is cool, it's that social networking is cool, and there is no other realistic alternative. If I (collective I, I personally don't use facebook) have something to share to a group, Facebook is the simplest and the widest audience.

Re:the bizarre part of FB

[Zaelath]

I don't get what's cool about it either... really. Most of these social networks are collections of people you would never actually socialise with in person even if you could.

It's like the yearbook club has taken over the school.

If it wasn't so ridiculous I'd think it was a Buffy episode and any moment now we'll get the big reveal where Fuckerberg is doing blood magic to get signups.

Not entirely a FB bug, phone software is the prob

[Jthon]

The Facebook bug here is that if you ask Facebook for someone's email, it was returning the last one added which was that stupid @facebook.com email. But why was the phone deleting contact info and replacing it? If your only source of contact data for a person was their Facebook email then yeah I can see that swapping, but why isn't the phone keeping Facebook, and other contact info separate?

My phone shouldn't see Facebook info change, then go and delete the work email from my Google contacts, or phone contact. If these phones are doing that I'd argue you have a phone SW bug. I wouldn't want any random sync service to suddenly override my manually entered contact data.

As for people complaining about work emails being swapped, why do you sync work emails via facebook? You should have that entered into a separate place. My Android phone is smart enough to keep google contacts and facebook contacts separate, and merge the accounts for display purposes. (And my old Palm Pre back in the day did an even better job of this.)

Facebook and wooden talking rings

Because I like facebook's free service

Can someone explain what service that is?

Because all I've ever heard is stuff like, "I can chat w/ my friends on FB". Well, I can chat with them without FB too. Or, "I can learn where the party this w/e is gonna be". Well, I seem to learn that without FB. I've so far never seen something people claim they use FB for that doesn't work just fine if FB never even existed. I mean, jeez luise - people were going to parties and talking to family online before FB ever existed. Or, "It lets me find my highschool buds!" Which I did just fine without ever touching FB.

It's like someone suddenly sold every human being a wooden ring to place over their mouth and convinced them they couldn't talk to anyone without using this ring. So people buy these and walk around talking to people by placing the ring over their mouths, because hey, the rings let us go to parties and talk to friends and be social!one!! If you don't have one of these rings, you must be some weird antisocial weirdo who never talks to anyone! Except that people were talking to each other for the last million years without those rings and it worked fine, and plenty of don't even have a ring and seem to do everything the ring-people are doing, and without having to pay for the ring. It's completely unnecessary, but some mass insanity convinced everyone they needed it.

It makes no fucking sense.

Re:Facebook and wooden talking rings

[webXtasy]

"I can chat w/ my friends on FB"

Agreed, definitely not the best (and far from only) thing for that.

"I can learn where the party this w/e is gonna be".

Agreed, definitely not the best (and far from only) thing for that.

"It lets me find my highschool buds!"

Sure, but if FB wasn't considerably more effective at this (i.e., you find a much higher percentage of folks you went to school with), it's because you have only three friends slashdork. It's more like, find the high school chic I had a huge crush on. You know so I can stalk her like never before, because, since we were high school friends (and I'm not in jail or something), it must be cool to let me know where she is and post pictures of herself with her new puppy and her pajamas.

The truth is, I remain on FB because it's extremely popular with the teenagers (which I have three). I damn sure can't just let them use the thing without educating them about the risks and consequences (and checking / fixing privacy settings every fucking week).

I'd be a dick to tell them they can't use it because I don't trust them or FB. I'm the guy that fixes and explains everything. It's what they expect and deserve.

They will have way more of this to deal with in the future than you can imagine (please get a clue before having children (or don't)). It may be a major pain in my ass to make sure that their cellphones aren't geo-tagging photos, they aren't just accepting everyone as friends, they post appropriately, and all sorts of things. It's my job as a parent to NOT tell them "NO SEX! NO VIOLENCE! NO DRUGS!" It's my job to educates them and teach them in a way that enables them to be good and safe AND PROTECTED citizens when I am no longer doing these things WITH them (e.g., my son knows how to install and _for-the-most-part_ maintain his machine with both windows and *my preferred linux*).

Anyway, Fuck FB.

And Fuck you slashdork. Grow some balls and own the technology.

Re:BUG??

[ackthpt]

Sorry, 'bug'? Isn't that a bit like saying a behavioural 'bug' caused Facebook to kick my grandmother in the shin? (Which I don't doubt they would do if there was money in it.)

I'm under the impression it was originally planned to replace all your contacts email addresses with the new and improved friendxyz@facebook.com email addresses .. so they can, you know, route all of your email and use it for harvesting yet more information from you.

blessing in disguise?

[Eponymous+Hero]

it looks to me like this might already be fixed (at least if they're rolling out in stages i got a fix update it seems) and better yet all my contacts synced from FB have their email addresses reverted back to their real addresses and not that shit @facebook.com address. maybe this "glitch" was some real damage control for that email address fiasco?

Re:BUG?? Two repercussions (or more)

[Douglas+Goodall]

Changing your FB profile email address to the FB message system has the effect of quietly sending mail intended for you to the FB servers that hold their message traffic. If you are not in the habit of checking your FB message queue. That is very much like important email ending up in your junk mail folder, and you don't happen to see it. The other affect is that the email itself (which may have contained confidential information) is now sitting on the FB server and subject to being browsed by over enthusiastic admins. Not that it was ever wise to send email through their gateway to begin with. This man-in-the-middle attack, where they intercept and redirect your FB originated email will probably be found to be illegal, and I believe they did this to millions of users. Then there is the issue of the unexpected changing of the data in smartphone address books, very bad indeed.

Worse: haven't logged in for years, still changed

[Maow]

I bought an HTC Amaze 4G (aka Ruby?) from Wind Mobile in Canada and it had a Facebook app on it. Which was always running. When I killed the app and the service, it would come back, restarted by HTC Sense I suppose.

The app's permissions were... everything. And I couldn't uninstall it.

I hooked it up to my computer, set to "Internet Pass-through" and ran tcpdump - no sign of "phoning home". Back to the store for a return. I called HTC and told them why.

But, after a couple more weeks of research (phoneless), I bought it again (the only phone I really liked) with the intention of rooting and removing FB app.

Before I could though, I added a contact's phone & email. They later sent me an SMS and ... the contact had a photo. WTF?!? How'd that happen?

Turns out it was the photo from that person's FB account. So the app did phone home, probably dumping all my contacts to the mothership. It certainly sent back my new contact's email and/or phone number.

I'm still considering filing a complaint with Canada's Privacy Commissioner.

Meanwhile ICS has been pushed out, so I set that app's data bandwidth cap to zero. Guess I'd better root the thing sooner rather than later.

With apologies to Arthur C Clarke ...

[140Mandak262Jamuna]

... sufficiently advanced incompetence is indistinguishable from malice.