Arthur T Knackerbracket has found the following story:
Twitter and Facebook on Monday claimed some third-party apps quietly collected swathes of personal information from people's accounts without permission.
The antisocial networks blamed the data slurp on what they termed a pair of "malicious" software development kits (SDKs) used by the third-party iOS and Android apps to display ads. Once a user was logged into either service using one of these applications, the embedded SDK could silently access that user's profile and covertly collect information, it is claimed.
[...] [Facebook said] "Security researchers recently notified us about two bad actors, One Audience and Mobiburn, who were paying developers to use malicious software developer kits (SDKs) in a number of apps available in popular app stores," a Facebook spokesperson told The Register.
"After investigating, we removed the apps from our platform for violating our platform policies and issued cease and desist letters against One Audience and Mobiburn. We plan to notify people whose information we believe was likely shared after they had granted these apps permission to access their profile information like name, email and gender. We encourage people to be cautious when choosing which third-party apps are granted access to their social media accounts."
Spokespeople for oneAudience declined to comment. Meanwhile, MobiBurn has issued a public statement on the matter.
(Score: 3, Interesting) by FatPhil on Wednesday November 27 2019, @09:32PM (2 children)
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 2) by darkfeline on Thursday November 28 2019, @09:19AM (1 child)
Are you saying that Facebook et al should not be letting users access their own data via an API? If hypothetically I used Facebook, I would like to access my data via an API, including giving applications of my choosing access to that data.
Clearly Facebook should have done the responsible thing and only sold data to other companies via proprietary APIs, instead of letting the user shoot themselves in the face.
To use an analogy, this is like your landlord holding onto the keys for you. If you want to enter your apartment, you have to call your landlord to let you in. God forbid the landlord give you the key only for you to lose it and get burgled. That would 100% be the landlord's fault for being so irresponsible as giving you the keys, and completely not your fault for being an idiot and losing the keys.
Join the SDF Public Access UNIX System today!
(Score: 2) by FatPhil on Thursday November 28 2019, @03:15PM
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves