Stories
Slash Boxes
Comments

SoylentNews is people

Facebook And Twitter Profiles Silently Slurped By Shady Code

posted by Fnord666 on Wednesday November 27 2019, @10:07AM   Printer-friendly
from the stop-me-if-you've-heard-this-one dept.

Arthur T Knackerbracket has found the following story:

Twitter and Facebook on Monday claimed some third-party apps quietly collected swathes of personal information from people's accounts without permission.

The antisocial networks blamed the data slurp on what they termed a pair of "malicious" software development kits (SDKs) used by the third-party iOS and Android apps to display ads. Once a user was logged into either service using one of these applications, the embedded SDK could silently access that user's profile and covertly collect information, it is claimed.

[...] [Facebook said] "Security researchers recently notified us about two bad actors, One Audience and Mobiburn, who were paying developers to use malicious software developer kits (SDKs) in a number of apps available in popular app stores," a Facebook spokesperson told The Register.

"After investigating, we removed the apps from our platform for violating our platform policies and issued cease and desist letters against One Audience and Mobiburn. We plan to notify people whose information we believe was likely shared after they had granted these apps permission to access their profile information like name, email and gender. We encourage people to be cautious when choosing which third-party apps are granted access to their social media accounts."

Spokespeople for oneAudience declined to comment. Meanwhile, MobiBurn has issued a public statement on the matter.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Facebook And Twitter Profiles Silently Slurped By Shady Code | Log In/Create an Account | Top | 15 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 0) by Anonymous Coward on Wednesday November 27 2019, @12:29PM

    by Anonymous Coward on Wednesday November 27 2019, @12:29PM (#925325)

    '...the code is not running "on their site" directly, but on an end user's device in a 3rd party app as part of the malicous SDK..'

    Ah!, a malicious SDK, as opposed to one which is kosher and blessed...

    What amuses me here is that FB and Twatter are quite happy to allow momsers to build apps using 'blessed' SDKs which try and 'exchange pleasantries' with various servers run by them, even when the users of these apps have no accounts with either of them, especially FB. All I can say is thank fsck for firewalls on android, I'm particularly getting increasingly narked off by the number of kosher apps I've run for a while whose recent updates are now trying to talk to FB servers on the fly (try resolve IPv4 address for weird server with a FB address...if no joy...try resolve IPv6 address for same server..if no joy...try hardwired IP..bastards...).