back to article Stop us if you've heard this one: Facebook and Twitter profiles silently slurped by shady code

Twitter and Facebook on Monday claimed some third-party apps quietly collected swathes of personal information from people's accounts without permission. The antisocial networks blamed the data slurp on what they termed a pair of "malicious" software development kits (SDKs) used by the third-party iOS and Android apps to …

  1. Snake Silver badge

    You are right...

    we've all heard this before. But will people wean themselves off of Faceplant (because that's what you'll end up doing to yourself, sooner or later) or Twatter?

    No. Because, like fake news, the facts don't matter, only who is telling it. And since good old Facetitter always says they have your backs, why should the great unwashed turn those dusty, abused backs away from them?

    Corporations and laissez-faire are good, after all.

    ...watching society burn itself down is becoming a sad but constantly interesting read.

    1. seven of five

      Re: You are right...

      It will be most interesting (probably not entertaining, though) to see what the revolution will be like and how it will happen. And whether these who stood outside[1] these networks will survive. Interesting times ahead, certainly.

      [1] yes, I know, not signing up with them does not imply they do not have an account on you, now wheres my tinfoil hat?

  2. lordminty

    Theft? Freely given away shurely?

    "This latest incident brings back memories of the largest of those data thefts: the 2016 collection of Facebook information by political marketing strategists at Cambridge Analytica."

    When people give data away freely it's not theft. When people use dodgy Facebook apps to impress their so-called friends and boast abou having a particular type of personality, it's not theft.

    Just saying.

    1. Dan 55 Silver badge

      Re: Theft? Freely given away shurely?

      Facebook's twisty maze of passages that look all alike (their user privacy options) and their lack of permission checks on their API means that everything's up for grabs, but Facebook being like a bank with a cardboard safe door spray-painted grey still wouldn't change the fact that money's been stolen.

    2. Robert Helpmann??

      Re: Theft? Freely given away shurely?

      When people give data away freely it's not theft. When people use dodgy Facebook apps to impress their so-called friends and boast abou having a particular type of personality, it's not theft.

      Lack of informed consent over something an individual should have control over might not be theft, but it is inherently dishonest. Perhaps creating laws pertaining to online situations that are similar to those surrounding the concept of attractive nuisance is an appropriate response.

    3. Clunking Fist

      Re: Theft? Freely given away shurely?

      Don't forget the 2012 GIFTING of data by Facebook to the Obama campaign, or you'll look partisan.

  3. Pascal Monett Silver badge

    "MobiBurn only facilitates the process"

    Yes, we get it. You're not the criminal, you're just the guy who picked the lock and let the criminals in.

    Sorry, that does not wash. You admit yourself that you facilitated - a judge would call that complicity.

    In any case, once again the problem is malware coming in via ads. Ads are a scourge to security and privacy. Block them, ban them and boycott them until the ad industry gets it shit in order.

    1. Doctor Syntax Silver badge

      Re: "MobiBurn only facilitates the process"

      "a judge would call that complicity."

      If only that could be arranged.

    2. Anonymous Coward

      Re: "MobiBurn only facilitates the process"

      Just like Facebook is not a publisher, it just facilitates the process....

  4. Just Enough

    We don't do it, we just make it possible to do

    "nor does MobiBurn process or store such data. MobiBurn only facilitates the process"

    Oh. That's ok then.

  5. Anonymous Coward
    Anonymous Coward

    Just how are we supposed to know...

    which companies/SDK's are "authorized" or not to collect users data?

    It's not like Facebook has been very transparent about what data has been shared and with what companies/developers.

    And from what I know it requires a Facebook account in order to notify FB of dodgy apps abusing users social media data.

    It is because of this abuse that I had deleted all social media accounts long ago.

    Myself and other TCL/Alcatel device users were subjected to unwanted "updates" to our system apps where the launcher app, file manager, sound recorder and other system level apps had been modified overnight with an "update" that injected Facebook's Graph API's into these system level apps without warning or our consent.

    I only found out about this after my device started serving up fake virus warnings that threatened SIM card damage linking back to some dodgy "Antivirus/Cleaner" app on the Google Play store.

    After multiple calls and emails to Google that went nowhere I decided to try and solve this mystery on my own.

    I found that the reason Google was unable (or unwilling) to assist in this matter was that the fraudulent virus warnings were originating from the modified system apps on my own device.

    It seems that my modified file manager, sound recorder and launcher was now able to inject these fraudulent ads into the Facebook stream that hijacked the built-in browser to mimic warnings from the Google Chrome app.

    Getting nowhere with Google I then reached out to Avast that was partnered with the bogus antivirus/cleaner app only to get a liftime ban from their forums.

    And now I found that Facebook has recently partnered with the phone manufacturers ANS and Unimax.

    These two phone manufacturers are being distributed by a marketing company (Global US) to people below the poverty level through the government Lifeline program that have been installing adware/malware remotely using encrypted DEX fies, some of which are using code found on GitHub to perform surveillance similar to the Facebook app where they scan the users Wifi, NFC and Bluetooth.

    So please tell me Mark Z, just how are we supposed to know which companies/Developers are "authorized" to harvest user data and who is not?

    And who (as MobiBurn has stated) is just helping to facilitate the slurp?

  6. Anonymous Coward
    Anonymous Coward

    You choose to ride the tiger

    By default you accept the consequences thereafter

  7. Mike 137 Silver badge


    "We have informed Google and Apple about the malicious SDK so they can take further action if needed. We have also informed other industry partners about this issue."


    "Only we are allowed to snoop on you - they're infringing our prerogative"

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like