Malicious apps are using Facebook APIs to steal private data

by Radu Tyrsina

Tens of thousands of malicious applications were found to be using Facebook APIs. These malware apps use APIs such as the messaging and login APIs to gain access to a Facebook profile’s private information, such as location, email address, and name.

Trustlook created a formula that helped discover these malicious APIs. The formula assigns each application a risk score based on around 80 pieces of information about it, including libraries, permissions, network activity, and more. This method has led Trustlook to discover 25,936 malicious apps.

The Cambridge Analytica data-harvesting scandal

This leak of information has been labeled the Cambridge Analytica data-harvesting scandal. In this post, Trustlook explains that this data mining scandal was mainly due to app developers abusing Facebook's login permission feature. When you use a new application and it gives you the option to log in with Facebook, you have to give the app permission to access some of your information.

However, back in 2015, Facebook allowed developers to collect more than just the user’s information. Developers were also able to collect information from the user’s network of friends. This means that even though only one user granted the app permission, developers could access the data of multiple users who had not granted the application any permission. This scandal has created a massive backlash among Facebook users.

What a malicious app can do

Of course, not all of these tens of thousands of apps pose the same level of threat to your privacy. However, some of these apps (those with a risk score exceeding 7) could be doing things like making far too many network calls or capturing audio and pictures even when the application is not open.

Facebook is not the only company to be affected

LinkedIn, Google, Yahoo, and Twitter all offer similar options to app developers, so users of these platforms are also susceptible to exposure. In fact, Twitter has been found to be selling data directly to a company that was linked to the Cambridge Analytica scandal.

Call for increased regulations

A survey of 512 security professionals was recently taken at the 2018 RSA conference. Seventy percent of the respondents think that the government should have stricter regulations on social media platforms to protect privacy. Also, a good portion of the respondents believe that government officials should increase their understanding of the threats to digital privacy.


It is quite clear, due to recent events, that social media networks should take the extra step to protect the privacy of their users. In any case, Facebook will not want malicious applications using its APIs.
