The vast majority of instant messaging tools ask users to grant address book permission on first use so that the app can read contact phone numbers and match them to specific accounts. This strategy lets the service find more potential users through each user's address book, and it also lets the service recommend users to one another as contacts. However, this matching strategy can also leak the real information of a large number of users. Twitter is one example: researchers enumerated 2 billion numbers, uploaded them to Twitter, and matched 17 million users. Facebook saw the news and quickly disabled matching in its own apps.
Facebook Messenger is removing the ability to find someone by entering their phone number pic.twitter.com/NzvtpsSun7
— Jane Manchun Wong (@wongmjane) December 28, 2019
Although Twitter has yet to confirm whether the loophole the researchers described is real, the social network giant Facebook has quietly disabled matching in a recent update. On Twitter, a reverse engineer who reversed the Facebook Messenger application reported that Facebook had directly deleted the class used for matching from the code. Interestingly, no researchers have so far confirmed that Facebook has a similar vulnerability, yet Facebook acted decisively and disabled the related functions outright.