Reply to post: Where are all the so-called "security researchers" right now?

Nervous Facebook CEO Mark Zuckerberg passes Turing Test in Congress

Anonymous Coward

Where are all the so-called "security researchers" right now?

I am an avid follower of the security blogs of the major security firms which go into great detail about the technical breakdown of malicious applications found on the Google Play store and third party app hosting sites.

I have been following the Facebook Graph debacle since I first learned of its existence and functionality while doing my own research of dodgy apps that were pushed at me for well over a year.

I have direct evidence of applications abusing Facebook's API via advertising SDKs based in China and elsewhere that hijack the users' shared Facebook links, redirecting to fraudulent and/or malicious app sites or tricking users with fake virus warnings into downloading even more dodgy apps.

I have seen countless numbers of apps on third party app hosting sites that have been modified with malware and then repackaged and resigned, and that contain Zuck's infamous Graph API.

I have seen so-called "antivirus" apps that had access to the users' private data BEFORE it had been encrypted by WhatsApp and other privacy-related communications apps, by traversing protected folders, reading logs containing sensitive data such as usernames and passwords, or gaining higher privileges by becoming Device Administrators, abusing Accessibility permissions, or attempting to gain Superuser privileges.

And yet all the security firms that taught me how to test applications to protect myself are now strangely silent.

Could it be because they too are guilty of the same things I just spoke of?

It appears that the companies that are supposed to protect the average user have once again let us down, and now Facebook has shifted the task of proving abuse of user data onto the average user themselves.

https://www.theregister.co.uk/2018/04/10/facebook_look_at_our_latest_shiny_thing_that_proves_were_taking_this_seriously/

"The programme - which offers a minimum of $500 (and no maximum) for cases that prove to be true - will reward people who can prove an app has slurped up users’ data for nefarious means."

It looks like I am going to be a very busy person for the next few months reporting what I've been seeing over the last year or two and should pocket quite a tidy sum while I'm at it.

What I find odd is that each Facebook-abusing app I've tested has a unique API signature, which makes it easy for Zuckerberg to be tracking this abuse himself.

Could it be he is not being upfront with members of Congress?
