How many apps have you installed on Facebook? More importantly, how many of them could post something in your name right now, without your knowledge? Chances are, it’s more than half of them.
Privacy protection company Secure.me analyzed some 500,000 Facebook apps, and shared the results exclusively with Mashable. The biggest takeaways: 63% of those apps ask for the ability to post on your behalf — and 69% of them want your email address.
Secure.me founder Christian Sigl says.
”It has become second nature to connect various apps like Instagram, SocialCam, AngryBirds, CityVille, and Spotify to your Facebook ID. You just click ‘agree’ without even really knowing what you are agreeing to. What you don’t realize is that social apps linked to your Facebook profile can pretty much track your and your friends’ whole life. It doesn’t matter what your privacy settings are, the apps still get this information.”
What the app makers could do with that information beggars belief. Not only could the app developers effectively hack your Timeline and sell your email address to any unscrupulous buyer — they’re also potentially well on the way to stealing your identity. Some 30% of those apps know their users’ birthdates, which would in theory allow them to uncover their social security numbers.
The permission puts your friends at risk, too. According to Secure.me, 21% of apps — 1 in every 5 — can access the personal data of the user’s friends including friends‘ birthdays, education and work history. Some 12% of the apps can grab your location information at will.
Of course, few of us are concerned about the big name apps — the Instagrams, the Spotifys. These are companies that have won our trust. But big-name apps make up just a small portion of the 500,000 total. What do you really know about the maker of that personality test or music quiz you just posted to your Timeline?
Part of the problem, as Sigl suggests, is the fact that there’s no granularity here. You can’t initially decide which permissions the app really needs, and which go beyond its remit. You can’t give an app limited permission for a day or a week. App permissions, when they first pop up, are far too one-size-fits-all.
We reached out to Facebook, and here’s an official response from a spokesperson:
“We give people a variety of tools to control their app experiences on Facebook, and hold developers to our Platform polices. Apps must specifically request the data they need to operate, including email addresses and publishing capability."
“After a user installs an app, apps are not permitted to post to that person’s Timeline without their consent. If an app is found to be in violation of these policies, we will take action against it.”
How many Facebook apps have you given permissions to? Let us know in the comments.
COMMENTARY: It hardly surprises me that some Facebook apps are violating our privacy. The same thing has happened to iPhone apps. In a blog post dated December 28, 2010, I reported that The Wall Street Journal had conducted an investigation and discovered that 101 Apple iPhone apps was supplying private information about its users to advertisers. Both Apple and the app developers were named in a class action lawsuit.
All of the major social networks have already been investigated by the Federal Trade Commission (FTC) and were found guilty of numerous privacy violations.
- In a blog post dated March 31, 2011, I reported that Google and Twitter both agreed to 20-year sanctions and annual privacy audits after numerous privacy violations.
- In a blog post dated March 29, 2011, I reported that social-networking site LinkedIn was sued for violating users' privacy by allegedly leaking information about them to advertisers. In a complaint filed with the U.S. District Court for the Northern District of California, San Francisco resident Kevin Low alleges that LinkedIn enabled ad networks and other third parties to discover his name and connect it to tracking cookies. No word on whether that lawsuit ever went class action, dismissed or was settled amicably.
- In a blog post dated November 11, 2011, I reported that after a lengthy investigation by the FTC, Facebook agreed to 20-year sanctions and annual privacy audits after numerous privacy violations.
In a blog post dated Aprill 25, 2011, I reported that after intensifying concerns over privacy and the widening trade in personal data, a Wall Street Journal investigation discovered that Apple Inc.'s iPhones and Google Inc.'s Android smartphones regularly transmit their locations back to Apple and Google, respectively. Google and Apple are gathering location information as part of their race to build massive databases capable of pinpointing people's locations via their cellphones. These databases could help them tap the $2.9 billion market for location-based services—expected to rise to $8.3 billion in 2014, according to research firm Gartner Inc.
The propect that a Facebook app developer could steal your identity without your knowledge is terrifying. This is why I never buy anything through Facebook, buy Facebook virtual currency, because doing so would require providing my credit or debit card number. I also do not provide a lot of private information other than my name and email address. The bare minimum is my recommendation.
Courtesy of an article dated September 4, 2012 appearing Mashable
It is better to erase or not put your real information in the net to prevent chaos :). The internet security cannot be trusted because so many software and hackers are ruining your site or account info.
Posted by: Harold Klien | 01/16/2013 at 11:44 AM
That is pretty scary to think about. There needs to be like a better security system on there.
Posted by: Sally Johnson | 09/29/2012 at 11:53 AM