Malicious apps are using Facebook APIs to steal private data

emanlai26790@gmail.com' By: Eman
3 minute read
facebook api malware

Malicious applications in the tens of thousand where found to be using Facebook APIs. These malware apps will use APIs like messaging APIs, login APIs, etc, to gain access to a Facebook profile’s private information such as location, email address, and name.

Trustlook created a formula that helped discover these malicious APIs. The formula uses a risk score for applications based on around 80 pieces of information for those apps. These information pieces include libraries, permissions, network activity, and more. This method has led Trustlook to discover 25,936 malicious apps.

The Cambridge analytica data-harvesting scandal

This leak of information has been labeled the Cambridge Analytica data-harvesting scandal. In this post, Trustlook explains that this data mining scandal was mainly due to app developers abusing Facebook login permission feature. When you use a new application and it gives you the option to login with your Facebook, you will have to give the app permission to access some of your information.

However, back in the year 2015, Facebook allowed developers to collect more than just the user’s information. Developers also were able to collect information from the user’s network of friends. This means that while only just one user granted the app permission, developers could access data of multiple users who haven’t granted the application any permission. This scandal has created a massive backlash among Facebook users.

What a malicious app can do

Of course not all of these tens of thousands of apps have the same level of threat to your privacy. However, some of these apps (with a risk score that exceeded 7) could possibly be doing things like making far too many network calls, capturing audio and pictures even if the application was not open.


In case you want to be secure while surfing the internet, you will need to get a full-dedicated tool to secure your network.  Install now Cyberghost VPN and secure yourself. It protects your PC from attacks while browsing, masks your IP address and blocks all unwanted access.


Facebook is not the only company to be affected

Linkedin, Google, Yahoo, and Twitter all offer similar options to app developers. So, users of these social media outlets are also susceptible to exposure. In fact, Twitter has been found to be selling data directly to a company that was linked to the Cambridge Analytica scandal.

Call for increased regulations

Recently a survey of 512 security professionals at the 2018 RSA conference was taken. 70 percent of the respondents think that the government should have stricter regulations on social media platforms to protect privacy. Also, a good portions of the respondents believe that government officials should increase their understanding of the threats to digital privacy.

Conclusion

It is quite clear, due to recent events, that social media networks should take the extra step to protect the privacy of its users. In any case, Facebook will not want malicious applications using its APIs.

Read More:

Next up

2018 List: Best free Android emulators for Windows 10/8.1/7

By: Ivan Jenic
7 minute read

What Android emulator is the best for my Windows PC? Bluestacks MeMu Nox Remix OS Player Droid4X AMIDuOS Windroy Genymotion Xamarin Android Player Andy We’re […]

Continue Reading

New Windows 10 security flaw gives system privileges to hackers

By: Daniel Segun
2 minute read

Recently, a security researcher @SandboxEscaper disclosed in a tweet which has been deleted (the account also has been removed), that the task scheduler is vulnerable […]

Continue Reading

Microsoft devices could support Ultrafast wireless charging in the future

By: Daniel Segun
2 minute read

Microsoft may be developing a new wireless charging system called “Ultrafast’” for its devices, if a newly discovered patent gets approved for mass production. This […]

Continue Reading

Discussions