Sophos has reported on a Facebook Dislike Button and the story has been picked up by major sites such as the BBC and Mashable. Essentially some nefarious folk have created an application which pretends to be the official Facebook Dislike Button, asks for access to your FB profile and asks personal questions on a survey which then point you to a Firefox download from an unrelated company. Why do they do this? – because they want your private data that’s why; they can sell this on to others for a profit. Sophos, BBC, Mashable and a host of others point out that you should be careful about what apps you allow access to your Facebook data and to be careful in answering surveys. This is self-evidently true, but there is a deeper issue here – should Facebook control their application environment or not?
The advent of the Apple iPhone, the Google Android mobile phone system and Facebook has created a whole new application (App) marketplace where useful and/or fun apps can be downloaded for free or very low cost. This has stimulated great innovation which has enriched all of our lives, but there are dangers to this free/low cost world.
we have forgotten the dangers inherent in any computer program which has access to our machine and our data
Over the years we have all become wary of downloading programs on our PCs/Macs without first checking they come from reputable companies or have reputable reviews on the web about them. We see many such checks happening before people download SocialSafe – and quite right too. However, because iPhones, Android phones, Facebook et al are immediate devices with many, many exciting apps available we have forgotten the dangers inherent in any computer program which has access to our machine and our data – we need to be just as careful with these small free/low cost apps as we have been and are with more major programs on our PCs/Macs.
Apple largely avoid the problem by managing their App store thoroughly. This has the upside that you can download with confidence, but the downside that it can take a while for apps to be authorised – and presumably it costs Apple a lot of money for their staff to do the verification process. The Android and Facebook systems are unmanaged app stores – anybody can post something in and it is available immediately – this is open to abuse. Yes rogue apps can be taken down if they are shown to cause harm, but this is usually after the harm has been done – a true case of shutting the stable door after the horse has bolted.
Ideally, I believe that both Facebook and Android should include an element of management into their app stores – a verified tick or similar. This would highlight that unverified apps are potentially risky and that “buyer beware” principles should apply.
Until this happens please do ask yourself why an app needs access to your data, why they are asking you personal questions, why they need to post to your wall and check out whether there are any comments relating to an app before you download it. We at SocialSafe adhere to the highest levels of privacy and integrity with regard to our app – we know that, but please do check it out for yourselves.
– Julian