April 25, 2018

25,936 Malicious Apps Use Facebook APIs

25,936 Malicious Apps Use Facebook APIs

Trustlook has identified 25,936 malicious apps that are currently using one of Facebook’s APIs, such as a login API or messaging API. (The list of MD5s can be found here.) App developers, when using these APIs, are able to obtain a range of information from a Facebook profile—things such as a name, location, and email address.

The Cambridge Analytica data-harvesting scandal was mainly a result of developers abusing the permissions associated with the Facebook Login feature. When people use Facebook Login, they grant the app’s developer a range of information from their Facebook profile. Back in 2015, Facebook also allowed developers to collect some information from the friend networks of people who used Facebook Login. That means that while a single user may have agreed to hand over their data, developers could also access some data about their friends. Needless to say, this realization among Facebook users has caused a huge backlash.

Trustlook discovered the malicious apps within its SECUREai App Insights product, which continuously scans apps from across the world, and provides more than 80 pieces of information for each app, including permissions, libraries, risky API calls, network activity, and a risk score. This allows app store owners, app developers, and researchers to make informed decisions when assessing the risk of an app. SECUREai App Insights is currently securing three of the top five app stores in the world.

To be fair, Facebook is not the only company with its APIs embedded in malicious applications. Twitter, LinkedIn, Google, and Yahoo offer similar options to developers, and thus their user data faces similar exposure. All of these companies need to remain diligent about what user information is being granted to apps.

For more information on SECUREai App Insights, please visit www.trustlook.com.