The security firm announced the news alongside a new version of the company's Android app, describing Facebook as "not the worst" offender.
Norton said its updated Mobile Insight flagged Facebook for Android as leaking the device phone numbers, affecting a “significant portion” of the hundreds of millions of people who have downloaded the Facebook app from Google Play.
“Mobile Insight automatically flagged the Facebook application for Android because it leaked the device phone number. The first time you launch the Facebook application, even before logging in, your phone number will be sent over the Internet to Facebook servers.
"We reached out to Facebook who investigated the issue and will provide a fix in their next Facebook for Android release. They stated they did not use or process the phone numbers and have deleted them from their servers."
Facebook told Norton it would update its app.
Norton also said it will be providing further details on other offending applications “in the coming weeks”.
The news comes amid fierce privacy fears relating to America's NSA, and Australia's own PRISM facility.
As we reported last week Android users can look forward to an 'incognito mode' as long as they don't mind rooting their phones, meanwhile a Lite version new Norton app is available now and for free from Google's Play Store.