Pakistani researchers discover secret 16 third-party Facebook apps stealing user data
Pakistani Researchers have found a substantial proof that many apps are secretly sharing our data with third-parties.
A team comprising Pakistani researchers from the University of Iowa and Lahore University of Management and Sciences has uncovered 16 Facebook apps that are secretly sharing user data with third-parties.
We know that there are thousands of apps on Facebook with access to billions of user accounts and their associated data. The moment we make a Facebook account, our data becomes accessible to many advertisers and other third parties.
However, it is difficult to identify data misuse by these apps, since their information is stored in servers that are generally beyond the reach of Facebook itself.
The Research done by the Pakistani researchers managed to unearth something that is usually elusive to everyone. They found substantial proof that many apps are secretly sharing our data with third-parties.
CanaryTrap and Honeytokens
Using an ingenious method called CanaryTrap with Facebook ad transparency tool, the research team used the technique of “honeytoken” emails. With the help of this technique, researchers install Facebook apps and observe if they received unusual emails from unknown sources.
Honeytokens are fictional data or files that permit IT experts, to track data and suspicious activity.
The study examined a total of 1,024 third-party apps, out of which 16 were found to be sharing the user data as the researchers received emails from senders they did not know.
It was revealed that data was normally shared with an independent affiliate website or business partner. However, some of the emails sent to the researchers’ inboxes were genuinely concerning. The emails ranged from sextortion warnings to several kinds of email spam.
The research team comprises lead author Shehroze Farooqi, a Ph.D. student at the University of Iowa, along with Fareed Zaffar, Zubair Shafiq, and Maaz Musa.
1/ 📢 Pleased to finally share the public disclosure (https://t.co/bpFmNc0E7h) for our #PETS2020 CanaryTrap paper on detecting data misuse by third-party apps on Facebook. Full paper available here: (https://t.co/nuzww9m5v9).
— shehroze Farooqi (@shehrozeFarooqi) July 3, 2020
Shehroze Farooqi said, “Our study reveals the misuse of user data shared with third-party apps on Facebook since we only implement CanaryTrap for Facebook. The potential misuse of user data may be happening on other platforms like Twitter, Instagram, and various Google products (such as Gmail and GSuite marketplace).”
What are your views on this? Share with us in the comments bar below.