| Title | Tens of Thousands of Malicious Apps Using Facebook APIs | |
| Date | Wednesday May 02 2018, @10:41PM | |
| Author | janrinok | |
| Topic | ||
| from the all-that-data-just-for-the-asking dept. | ||
Submitted via IRC for SoyCow3941
The apps are deemed malicious by doing things such as capturing pictures and audio when the app is closed, or making an unusually large amount of network calls. These allow apps to access a range of information from Facebook profiles, like name, location and email address.
Trustlook discovered the malicious apps using a formula, which created a risk score for apps based on more than 80 pieces of information for each app, including permissions, libraries, risky API calls and network activity.
"The Cambridge Analytica data-harvesting scandal was mainly a result of developers abusing the permissions associated with the Facebook Login feature," Trustlook researchers said, in a post. "When people use Facebook Login, they grant the app's developer a range of information from their Facebook profile. Back in 2015, Facebook also allowed developers to collect some information from the friend networks of people who used Facebook Login. That means that while a single user may have agreed to hand over their data, developers could also access some data about their friends. Needless to say, this realization among Facebook users has caused a huge backlash."
Source: https://threatpost.com/tens-of-thousands-of-malicious-apps-using-facebook-apis/131566/
| Links |
printed from SoylentNews, Tens of Thousands of Malicious Apps Using Facebook APIs on 2024-05-02 03:49:49