Security software from Norton exposed a gaping privacy hole in the Facebook for Android app that sends a user’s mobile-phone number across the internet – without consent – to Facebook servers.

Norton Mobile Security software, manufactured by security firm Symantec, discovered that when an Android user first launches the Facebook app – and before the log-in process even begins – his or her mobile phone number starts winging its way to servers owned by the social networking giant.

According to an official Symantec blog, the security firm contacted Facebook about the privacy breach. Facebook responded by saying it would investigate the issue and provide a fix in its next Facebook for Android release (although when that will be is not clear).

Facebook further told Symantec, however, that it had not used or processed the phone numbers and had now deleted them from their servers.