Take the pledge to vote

For a better tommorow#AajSawaroApnaKal
  • I agree to receive emails from News18

  • I promise to vote in this year's elections no matter what the odds are.
  • Please check above checkbox.

    SUBMIT

Thank you for
taking the pledge

Vote responsibly as each vote counts
and makes a diffrence

Disclaimer:

Issued in public interest by HDFC Life. HDFC Life Insurance Company Limited (Formerly HDFC Standard Life Insurance Company Limited) (“HDFC Life”). CIN: L65110MH2000PLC128245, IRDAI Reg. No. 101 . The name/letters "HDFC" in the name/logo of the company belongs to Housing Development Finance Corporation Limited ("HDFC Limited") and is used by HDFC Life under an agreement entered into with HDFC Limited. ARN EU/04/19/13618
Tech
News18 » Tech
2-min read

Shady Android Apps Got Your Personal Info From Twitter And FB Via a Malicious Kit

The vulnerability isn’t in the apps themselves, but instead in a development kit for Android phones.

Vishal Mathur | @vishalmathur85

Updated:November 26, 2019, 9:17 AM IST
facebookTwitter Pocket whatsapp
Shady Android Apps Got Your Personal Info From Twitter And FB Via a Malicious Kit
The vulnerability isn’t in the apps themselves, but instead in a development kit for Android phones.

Tech companies are just not getting the importance of data privacy, are they? Yet again, they are playing fast and loose with our data. This time around, it is Facebook and Twitter saying that some apps on the Google Android platform may have accessed user data because of a malicious software development kit maintained by oneAudience. This means that certain apps downloaded from the Play Store on Android phones, and used the Facebook or Twitter single sign on (SSO) option now have access to personal data that wasn’t supposed to be shared with them in the first place. At this time, it is understood that only the Android platform has this vulnerability.

“This issue is not due to a vulnerability in Twitter’s software, but rather the lack of isolation between SDKs within an application. Our security team has determined that the malicious SDK, which could be embedded within a mobile application, could potentially exploit a vulnerability in the mobile ecosystem to allow personal information (email, username, last Tweet) to be accessed and taken using the malicious SDK. While we have no evidence to suggest that this was used to take control of a Twitter account, it is possible that a person could do so,” says Twitter in an official statement. They go on to say that they have evidence to suggest that this SDK was used to access people’s personal data for at least some Twitter account holders using Android phones. However, there is no evidence that the iOS version of this malicious SDK targeted people who use Twitter on the Apple iPhone.

Twitter says they have informed Google about this vulnerability, and are now reaching out to Twitter for Android users who may have been impacted by this issue.

Facebook is also suggesting that specific user data may have been revealed to these apps, depending on what permissions users allowed and enabled when using Facebook account credentials to sign in. “Security researchers recently notified us about two bad actors, One Audience and Mobiburn, who were paying developers to use malicious software developer kits (SDKs) in a number of apps available in popular app stores. After investigating, we removed the apps from our platform for violating our platform policies and issued cease and desist letters against One Audience and Mobiburn. We plan to notify people whose information we believe was likely shared after they had granted these apps permission to access their profile information like name, email and gender. We encourage people to be cautious when choosing which third-party apps are granted access to their social media accounts,” a Facebook spokesperson told CNBC.

Mobiburn insists they have done no wrong. “Mobiburn only facilitates the process by introducing mobile application developers to the data monetization companies. This notwithstanding, Mobiburn stopped all its activities until our investigation on third parties is finalized,” the company said in an official statement.

This comes at a time when Facebook, Twitter and indeed Google are facing increasing scrutiny from regulators, particularly in the US, regarding their handling of user data and how it is used to track usage and enable targeted advertising, both often without user consent.

Get the best of News18 delivered to your inbox - subscribe to News18 Daybreak. Follow News18.com on Twitter, Instagram, Facebook, Telegram, TikTok and on YouTube, and stay in the know with what's happening in the world around you – in real time.

Read full article
Next Story
Next Story

facebookTwitter Pocket whatsapp

Live TV

Countdown To Elections Results
To Assembly Elections 2018 Results