26,000 Malicious Apps Use Facebook APIs

Those APIs give developers easy access to user data.

26,000 Malicious Apps Use Facebook APIs 

The mop-up work for Facebook in the wake of its privacy reform could take much longer than we might expect. According to security company Trustlook, there are nearly 26,000 malicious apps currently using at least one Facebook application programming interface, any of which could give those developers access to information from Facebook profiles, including names, locations and email addresses.

The company noted that similar dangers exist in APIs provided for other social sites, including Twitter, LinkedIn, Google and Yahoo.

In response to the privacy problem, Facebook CEO Mark Zuckerberg said his company would audit thousands of apps and give users easier tools for managing how their data is used.

Trustlook sells security products and services using artificial intelligence to protect against sophisticated malware and other kinds of attacks.

According to a recent blog article on Trustlook's website, the problems that led to the Cambridge Analytica data-harvesting outrage resulted when developers abused certain Facebook APIs, specifically those associated with its login feature. When Facebook users tap the site's login to connect with other services, they grant those apps' developers access to information on their profiles. Beginning in 2015, the year before the Cambridge Analytica debacle, Facebook also allowed developers to access a bit of data from friends of users who used Facebook Login as well — whether or not they had agreed to hand over their data.

The security company has identified 25,936 "malicious apps" in use by Facebook users. That count was handled through its product, SECUREai App Insights, whose three flavors — mobile, core and IoT — are used by companies that want to embed security into their own products. The technology provides information on apps, including risky API calls and a risk score. According to the firm, three of the top five app stores use the program to assess the risk of the apps allowed into their stores.

"Whether Facebook can accomplish their goals remains to be seen, but it's clear the company needs better visibility into how user information is being handled by third-party apps," the company suggested. "And most likely it needs a sophisticated piece of software to help."

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.

Featured

  • robot typing on a computer

    Microsoft Unveils 'Computer Use' Automation in Copilot Studio

    Microsoft has announced a new AI-powered feature called "computer use" for its Copilot Studio platform that allows agents to directly interact with Web sites and desktop applications using simulated mouse clicks, menu selections and text inputs.

  • AI microchip under cybersecurity attack, surrounded by symbols of threats like a skull, spider, lock, and warning shield

    Report Finds Agentic AI Protocol Vulnerable to Cyber Attacks

    A new report from Backslash Security has identified significant security vulnerabilities in the Model Context Protocol (MCP), technology introduced by Anthropic in November 2024 to facilitate communication between AI agents and external tools.

  • educators seated at a table with a laptop and tablet, against a backdrop of muted geometric shapes

    HMH Forms Educator Council to Inform AI Tool Development

    Adaptive learning company HMH has established an AI Educator Council that brings together teachers, instructional coaches and leaders from school district across the country to help shape its AI solutions.

  • illustration of a human head with a glowing neural network in the brain, connected to tech icons on a cool blue-gray background

    Meta Introduces Stand-Alone AI App

    Meta Platforms has launched a stand-alone artificial intelligence app built on its proprietary Llama 4 model, intensifying the competitive race in generative AI alongside OpenAI, Google, Anthropic, and xAI.