The Cambridge Analytica data-harvesting scandal has forced Facebook to take significant steps to protect its users’ privacy. App developers are no longer permitted to access as much data about Facebook users as they once could. In addition, Facebook CEO Mark Zuckerberg says the company will “audit” thousands of apps and “investigate all apps that had access to large amounts” of data in the past.
What that means exactly is unclear, asserts the team at Trustlook in their media release this week.
Does Facebook have the expertise to review the thousands of apps out there operating under the “old rules,” siphoning user’s (and their friends’) data surreptitiously? Can it do it at scale? That remains to be seen, but it’s clear the company needs better visibility into how user information is being handled by third-party apps.
Trustlook, a cybersecurity company based in San Jose, has a product called SECUREai App Insights that can already do what Facebook is promising to do, a provided statement reads. In fact, the product is currently securing three of the top five app stores in the world.
So how does it work?
SECUREai App Insights provides detailed information about mobile applications. It offers more than 80 pieces of information for each app, including permissions, libraries, risky API calls, network activity, and a risk score. All the information is presented in an easy-to-use, actionable format so that app store owners, app developers, researchers, and companies such as Facebook can make informed decisions.
Most importantly for Facebook, Trustlook’s technology can determine if apps that are using Facebook Login, the feature which is the main avenue through which app developers collect data, are doing so properly, or if they are abusing permissions or mishandling user data in any way.
When people use Facebook Login, they grant the app’s developer a range of information from their Facebook profile—things such as their name, location, email or friends list. Back in 2015, Facebook also allowed developers to collect some information from the friend networks of people who used Facebook Login. That means that while a single user may have agreed to hand over their data, developers could also access some data about their friends. Needless to say, this realization among Facebook users has caused a huge backlash.
“Our technology can make the Facebook ecosystem much safer,” said Allan Zhang, co-founder and CEO of Trustlook. “Facebook’s growth has made them a target for malicious developers, so this extra security layer is critical for them and would be a great benefit to their users.”
Facebook is not the only company offering a sign in feature. Twitter, LinkedIn, Google, and Yahoo have similar features. All of these companies need to remain diligent about what user information is being granted to apps, Zhang said.
For more information on Trustlook and SECUREai App Insights, click here.