Malicious apps are using Facebook APIs to steal private data

Joshua Fischermann By: Joshua Fischermann
3 minute read
facebook api malware

Home » News » Malicious apps are using Facebook APIs to steal private data

Malicious applications in the tens of thousand where found to be using Facebook APIs. These malware apps will use APIs like messaging APIs, login APIs, etc, to gain access to a Facebook profile’s private information such as location, email address, and name.

Trustlook created a formula that helped discover these malicious APIs. The formula uses a risk score for applications based on around 80 pieces of information for those apps. These information pieces include libraries, permissions, network activity, and more. This method has led Trustlook to discover 25,936 malicious apps.

The Cambridge analytica data-harvesting scandal

This leak of information has been labeled the Cambridge Analytica data-harvesting scandal. In this post, Trustlook explains that this data mining scandal was mainly due to app developers abusing Facebook login permission feature. When you use a new application and it gives you the option to login with your Facebook, you will have to give the app permission to access some of your information.

However, back in the year 2015, Facebook allowed developers to collect more than just the user’s information. Developers also were able to collect information from the user’s network of friends. This means that while only just one user granted the app permission, developers could access data of multiple users who haven’t granted the application any permission. This scandal has created a massive backlash among Facebook users.

What a malicious app can do

Of course not all of these tens of thousands of apps have the same level of threat to your privacy. However, some of these apps (with a risk score that exceeded 7) could possibly be doing things like making far too many network calls, capturing audio and pictures even if the application was not open.

In case you want to be secure while surfing the internet, you will need to get a full-dedicated tool to secure your network.  Install now Cyberghost VPN and secure yourself. It protects your PC from attacks while browsing, masks your IP address and blocks all unwanted access.

Facebook is not the only company to be affected

Linkedin, Google, Yahoo, and Twitter all offer similar options to app developers. So, users of these social media outlets are also susceptible to exposure. In fact, Twitter has been found to be selling data directly to a company that was linked to the Cambridge Analytica scandal.

Call for increased regulations

Recently a survey of 512 security professionals at the 2018 RSA conference was taken. 70 percent of the respondents think that the government should have stricter regulations on social media platforms to protect privacy. Also, a good portions of the respondents believe that government officials should increase their understanding of the threats to digital privacy.


It is quite clear, due to recent events, that social media networks should take the extra step to protect the privacy of its users. In any case, Facebook will not want malicious applications using its APIs.

Read More:


Next up

Windows 10 April 2019 Update is almost here, new builds focus on fixes

Matthew Adams By: Matthew Adams
3 minute read

Microsoft is gearing up for the next big Windows 10 build update in spring 2019. The software giant has just announced Windows 10 Insider Preview […]

Continue Reading

Getting Something went wrong Netflix error? Here’s how to fix it

Matthew Adams By: Matthew Adams
4 minute read

Netflix is one of the foremost movie-streaming services that users can utilize within browsers or with its app. However, Netflix also throws out Something went […]

Continue Reading

KB4489890, KB4489888 and KB4489889 bring many issues of their own

Rabia Noureen avatar. By: Rabia Noureen
3 minute read

Microsoft rolled out a new series of cumulative updates for three Windows 10 versions: v1709, v1703 and v1607. The updates don’t come with any security fixes this […]

Continue Reading