26,000 Malicious Apps Use Facebook APIs

Those APIs give developers easy access to user data.

26,000 Malicious Apps Use Facebook APIs 

The mop-up work for Facebook in the wake of its privacy reform could take much longer than we might expect. According to security company Trustlook, there are nearly 26,000 malicious apps currently using at least one Facebook application programming interface, any of which could give those developers access to information from Facebook profiles, including names, locations and email addresses.

The company noted that similar dangers exist in APIs provided for other social sites, including Twitter, LinkedIn, Google and Yahoo.

In response to the privacy problem, Facebook CEO Mark Zuckerberg said his company would audit thousands of apps and give users easier tools for managing how their data is used.

Trustlook sells security products and services using artificial intelligence to protect against sophisticated malware and other kinds of attacks.

According to a recent blog article on Trustlook's website, the problems that led to the Cambridge Analytica data-harvesting outrage resulted when developers abused certain Facebook APIs, specifically those associated with its login feature. When Facebook users tap the site's login to connect with other services, they grant those apps' developers access to information on their profiles. Beginning in 2015, the year before the Cambridge Analytica debacle, Facebook also allowed developers to access a bit of data from friends of users who used Facebook Login as well — whether or not they had agreed to hand over their data.

The security company has identified 25,936 "malicious apps" in use by Facebook users. That count was handled through its product, SECUREai App Insights, whose three flavors — mobile, core and IoT — are used by companies that want to embed security into their own products. The technology provides information on apps, including risky API calls and a risk score. According to the firm, three of the top five app stores use the program to assess the risk of the apps allowed into their stores.

"Whether Facebook can accomplish their goals remains to be seen, but it's clear the company needs better visibility into how user information is being handled by third-party apps," the company suggested. "And most likely it needs a sophisticated piece of software to help."

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.

Featured

  • college students in a classroom focus on a silver laptop, with a neural network diagram on the monitor in the background

    Report: 93% of Students Believe Gen AI Training Belongs in Degree Programs

    The vast majority of today's college students — 93% — believe generative AI training should be included in degree programs, according to a recent Coursera report. What's more, 86% of students consider gen AI the most crucial technical skill for career preparation, prioritizing it above in-demand skills such as data strategy and software development.

  • laptop with a neural network image, surrounded by books, notebooks, a magnifying glass, a pencil cup, and a desk lamp

    D2L Lumi AI Updates Add Personalized Study Supports

    Learning platform D2L has announced new artificial intelligence features for D2L Lumi that help provide more personalized study supports for students.

  • three glowing stacks of tech-themed icons

    Research: LLMs Need a Translation Layer to Launch Complex Cyber Attacks

    While large language models have been touted for their potential in cybersecurity, they are still far from executing real-world cyber attacks — unless given help from a new kind of abstraction layer, according to researchers at Carnegie Mellon University and Anthropic.

  • young man in a denim jacket scans his phone at a card reader outside a modern glass building

    Colleges Roll Out Mobile Credential Technology

    Allegion US has announced a partnership with Florida Institute of Technology (FIT) and Denison College, in conjunction with Transact + CBORD, to install mobile credential technologies campuswide. Implementing Mobile Student ID into Apple Wallet and Google Wallet will allow students access to campus facilities, amenities, and residence halls using just their phones.