Facebook Applications - HackerUp on Facebook Security (2016)

Facebook Applications

Facebook offers many features. Keeping track of your Friends and their activities is just the tip of the iceberg. By integrating software applications and online services, Facebook allows you to share your music, play games, promote online causes, and so much more.

Application developers outside of Facebook create these apps for you to access whether you are using Facebook in a web browser or on a mobile device. For example, Spotify lets you share your music with your Facebook Friends. It’s apps like this that turn Facebook into a more engaging and useful experience.

Everyone loves a good app. And it’s no wonder. With over 9 million apps already on the market, there is an app to meet the needs or interests of just about everyone. Most of these apps are useful, fun, and legitimate. But with a barrel that large, you will find a few rotten apples. Before you install an app or link it to your Facebook account by agreeing to Log in with Facebook, you need to ask yourself a few questions.

•Who am I playing this app with?

•Where am I downloading this from?

•What information is it taking from my Facebook account?

App authorization

For Facebook apps to work, they need access to some of your Facebook account information. For example, if you want to invite your Facebook Friends to play a game with you, that game app needs access to your Friends list. So, the first time you use an app, Facebook will ask you to approve its access to your profile. When you approve an app, you are authorizing it to have access to your account and information. For example, Pandora can share the music you listen to with your Friends, and the NBC News website can post which news articles you read to your Timeline. Since you are the one who authorizes the app access to your account, you need to know what the app is requesting before you approve it.

Some of the information that apps gather is optional, and some isn’t. By default, apps have access to your name, profile picture, cover photo, gender, networks, username, and user ID. Apps can also collect anything that you chose to make Public in a status post. Some apps also request access to more sensitive information like your email address, birthday, hometown, education, your location, photos, your Friends list, work history, check-ins, and much more.

If you are already using Facebook apps, you may have given those apps permission to access more bits and pieces of your Facebook data than you realize. If you’re not sure what data you gave them access to, you can always check and limit access (or even remove the app altogether) if you’re not comfortable. Having said that, the app still keeps your data. It’s like accidentally letting someone read your diary. You can grab the book back, but they retain the knowledge of anything they’ve already read. If you allowed access to your email address, birthdate, and hometown, the app makers can still sell that data to marketers. Yes, that’s legal. Remember the proverb, you don’t get something for nothing? That’s so true with app companies. You use our app, we keep your data!

Anonymous Login vs. Facebook Login

Anonymous Login lets you use a game or app on Facebook without sharing your personal information, or allowing the game or app to post on your behalf. Don’t think this gives you anonymity on Facebook. It simply allows you to demo an app before you turn over your personal info. If you check out a game or app with Anonymous Login and choose to use the social features, you can easily switch to Facebook Login.

Facebook Login is a simple way to log in to apps without having to create a username and password for each app. Facebook Login lets you share your personal info with the game or app. Using Facebook Login is very convenient, but it’s important to know what information each site takes from your Facebook account and how it’s used.

One of the dangers of this easy app use is that you just might be oversharing with apps that you don’t even use. Many users are fast to grab the latest apps, agreeing to Log in with Facebook and allowing access to their Friends list and Timeline posts with hardly a second thought. Days later, they barely remember that they have the new app and completely forget how much access to their personal information they handed over. If you no longer remember which permissions you granted to which apps, you should run the Privacy Checkup provided by Facebook.

Bad apps

Bad apps are deliberately malicious Facebook apps. The entire point of a bad app is to gain access to your Facebook account in order to use and abuse your personal information.

It’s important to download apps from reputable sites, but even reputable sites can serve up malicious apps, so always go a step further and read the reviews before downloading a new app. Two popular Android phishing apps that made their rounds in 2015 were Cowboy Adventure and Jump Chess. These bad apps, which collected Facebook users and IDs, were made available for download from a reputable site, the Google Play Store. Once the apps were downloaded and installed, they popped up a Facebook login screen, tricking users into giving up their usernames and passwords. Although Google removed the apps from the Play Store, experts report that as many as 1 million users were tricked, possibly many more. How did savvy users avoid these bad apps? Some read the reviews. Others knew that Facebook never asks you to log back in once you have logged in.

If you’re concerned about a Facebook app that you’ve already installed, you can remove it. Within the Facebook mobile app, menu names and functions vary between devices. For details on any particular function, please refer to the Help section.

If you’re using a laptop or desktop computer:

•Click the down-pointing triangle at the far right of the Facebook menu bar.

•Click SETTINGS on the drop-down menu.

•Click APPS in the left pane. App settings will display in the right pane with LOGGED IN WITH FACEBOOK apps displayed at the top left.

•Mouse over the name of any app you want to remove. An X will display to the right of the app name.

•Click X to remove the app.

Nosey apps

Some apps aren’t malicious so much as they’re just nosey. They request access to ridiculous amounts of information that they really don’t need in order for the app to work. Once they have that information, they are free to use it for marketing or sell it to third parties—even if you later revoke their access permission or remove the app altogether.

As an example, one of the top apps in 2015 was “What Are Your Most Used Words on Facebook?” by South Korean developer Vonvon, which created a “word cloud” based on your past status messages. By year end, over 18 million people had installed that app. Sound harmless? Installation required users to give the app permission to collect their IP address, profile picture, age, birthday, education history, hometown, Friends list, posts they made, posts others made that they were tagged in, photos they uploaded, photos others uploaded that they were tagged in, and Likes. Security experts dubbed the app a privacy nightmare. (They protested so loudly that by December, Vonvon had revised the app to drastically limit the data permissions requested.) By then, it was too late for the users who had already used it.

Doesn’t Facebook protect your data? For the most part, yes, they do. But when you install a third-party app, you’re agreeing to the privacy policy of the company that makes that app. They may or may not respect your privacy. In the case of the Vonvon app, their privacy policy stated, “We may continue to use any non-personally-identifying information in accordance with this Privacy Policy (e.g., for the purpose of analysis, statistics and the like) also after the termination of your membership to this Website or use of our services, for any reason whatsoever.” In English? Once you install their app, they get to keep the data you gave them access to—even if you remove the app—and they can use that data in the future as they see fit.

Keep in mind that YOU and YOUR data are the products that app companies are selling. Your data is worth revenue. That’s why it’s so important to be conscious of just how much access you’re granting to a third party when you install an app.

Not installing Nosey Apps? Are your Friends?

Apps that your Facebook Friends install can grab your data too! Even if you don’t use those apps!

Nosey apps your Friends installed

Sometimes the app grabbing your personal information isn’t one that you even installed—it’s an app that one of your Friends installed. Because your Friends have access to much of your data (birthday, Friends, hometown, pictures), apps that your Friends install also have access to your data—even if you didn’t install those apps and never used them.

To prevent your Friends’ apps from taking your personal information, you need to change the privacy settings in APPS OTHERS USE. To be safest, simply uncheck everything and then check to allow access only to the data that the apps you’re using need. In the screen below, the user has allowed access only to BIRTHDAY (because she enjoys birthday e-cards sent from apps) and IF I’M ONLINE (because she uses Facebook Messenger).

If you don’t use apps at all, you can simplify protecting your data by turning off the Facebook Platform. This is one of the settings that is accessed differently between the desktop and mobile Facebook apps.

On a desktop or laptop computer:

•Click the down-pointing triangle at the far right of the Facebook menu bar.

•Click SETTINGS on the drop-down menu.

•Click APPS in the left pane. App settings will display in the right pane.

•Click EDIT under APPS, WEBSITES AND PLUGINS.

•Click the DISABLE PLATFORM link on the dialog box displayed.

Because the Facebook platform is how all app websites interact with Facebook, if you disable the Platform, you will be unable to use any apps. You will also be unable to log into other websites using your Facebook login.