Personal data of Facebook and Twitter users might have been improperly accessed through an app bug on Google’s Play Store.
According to the announcement on the matter, the personal data of hundreds of users might have been impacted, including email addresses, usernames, and recent tweets. The vulnerability was brought to the notice of the companies by security researchers.
Facebook and Twitter says hundreds of users gave improper access to data through third-party apps https://t.co/uAqHGGhYkB
— CNBC International (@CNBCi) November 25, 2019
Malware-Infested Play Store
The issue revolves around the mobile software development kits (SDKs) One Audience and Mobiburn, which Twitter says gave third-party developers improper access to the personal data of users. According to Twitter,
“Our security team has determined that the malicious SDK, which could be embedded within a mobile application, could potentially exploit a vulnerability in the mobile ecosystem to allow personal information (email, username, last Tweet) to be accessed and taken using the malicious SDK.”
The social media company said the vulnerability could open up a person’s account to a takeover, but said there is no evidence that this happened. Twitter has informed Google and Apple about the vulnerability, so they can act if need be.
Facebook said the bad actors, One Audience and Mobiburn, had been removed from its platform for “violating our platform policies,” and they have also been issued “cease and desist letters.”
Google needs an intervention to curtail the spread of malicious activity on its app store. In September, researchers found that over 170 infected apps on the Play Store had racked up 335 million installs. The most common malware was adware, followed by subscription scams that sign people up for services behind their backs. Almost on a daily basis, Android users are being put in harm’s way by millions of apps that hide this malware and these scams, having managed to pass through the gates. Google seems interested in beefing up its security checks, and it has teamed up with security companies like Eset and Lookout to create the App Defense Alliance.
#ICYMI: We’re joining forces with @Google to keep @GooglePlay secure! As part of the App Defense Alliance, we’ll be able to stop malicious apps before they become a threat to the general public. https://t.co/PhOVTV4iiI pic.twitter.com/QwxmO4NWYP
— Lookout (@Lookout) November 20, 2019
This Alliance will create a joint task force that will scrutinize apps as they pass through Google’s verification system before being offered on the Play Store. The scanning system is the latest step taken to police the app store, and it follows a rigorous check on developers in April to take out bad actors.