Malicious apps accessed Facebook, Twitter users' data

With mobile phones becoming an integral part of the people, it now houses more personal data than at their home. This apparently attracts cybercriminals to prey on naive users and steal sensitive data such as financial credentials and in some cases retrieve user locations, email IDs to spam them with telemarketing messages.

Now, it has come to light that two app companies-- One Audience and Mobiburn--have misused the app permissions of Twitter and Facebook. They made use of Software Development Kits (SDK)-laced with malicious codes to track the social media users and also access location, name, email IDs and their latest tweets and Facebook posts.

Twitter in the official blog has confirmed that the aforementioned app developers have retrieved user data from its microblogging site, but only on Android devices. 
The iPhone and iPad owners are said to be safe, as the default security screening in the iOS versions of Facebook and Twitter block such malicious apps.

"We have informed Google and Apple about the malicious SDK so they can take further action if needed. We have also informed other industry partners about this issue.  We will be directly notifying people who use Twitter for Android who may have been impacted by this issue" Twitter said.

For now,  Twitter and Facebook users need not have to do anything unless, if you happen to have downloaded any third-party apps developed by One Audience and Mobiburn. Then, uninstall them immediately. 

Facebook in a press statement has also announced that they sent a notice of cease and desist to the aforementioned app developers and also notify the affected social media users.

All users are advised to be wary of such third-party apps before installing them on their phones. Also, make a habit of reading through the privacy documents and never give access permissions to location or any other information for the third-party apps during the installation process.

Here's how to safeguard your mobile phone from adware and other malware threats:
1) Whether you have an Android mobile or iOS-based iPhone, always stay updated with the latest software. Both Google and Apple send regularly send firmware — especially security patches monthly or on a priority basis, whenever they detect threats. So, make sure you install the latest software.
2) Another good practice is to install a premium Antivirus software on mobile, which offers 24x7 protection. They are equipped to detect threats quickly whenever you unknowingly visit a shady website
3) Never ever open emails or SMS and click URL links sent from unknown senders 
4) Also, never install apps from unfamiliar publishers. 
5) Always download apps from Google Play or Apple App store only. Never install from any third-party app store.

Get the latest news on new launches, gadget reviews, apps and more on personal technology only on DH Tech.

DH Newsletter Privacy Policy Get top news in your inbox daily
GET IT
Comments (+)