It rains on Mark Zuckerberg these days, as in addition to the commercial boycott Facebook is undergoing, now added a University of Iowa investigation that unraveled the way developers are sharing personal information of users through apps with third parties.
According to Zdnet reports, the discovered technique is called CanaryTrap and uses honeytokens that are fake data, tokens, or files that IT experts plant on a network. When the information is accessed or used, administrators can detect malicious activity.
In the context of the social network, honeytokens were unique email addresses that academics used to register Facebook accounts and thus install apps, use them for fifteen minutes, and “lInvestigators then monitored Honeytoken’s email inbox for new traffic. If the inbox received new emails, it was clear that the application shared the user’s data with a third party. “
The academic team said they tested 1,024 Facebook apps using their CanaryToken technique and identified 16 apps that shared email addresses with third parties and that users received emails from unknown senders.
Konstantinos Papamiltiadis, vice president of social media platform associations, commented in a publication that there were indeed violations.
“DWe found that in some cases apps continued to receive data that people had previously authorized, even if it seemed like they hadn’t used the app in the past 90 days. For example, this could happen if someone were to use an exercise app to invite their friends from their hometown to a workout, but we did not recognize that some of their friends had been inactive for many months, “he noted.
Along these same lines, the Facebook official added that, “dIn the last months of data that we have available, we currently estimate that this problem allowed approximately 5,000 developers to continue receiving information, for example, language or gender, beyond the 90 days of inactivity recognized by our systems. We have seen no evidence that this problem has resulted in sharing information that was inconsistent with the permissions that people granted when they logged in with Facebook. ”
Zuckerberg’s social network said it was able to solve the problem.