The Next Web is reporting that a possible flaw with Facebook could pose a risk to your data. Sources say that the flaw prevents people from changing their permission settings for mobile apps on a mobile device. Here’s what we know so far about this developing story…
1. A Startup Reported the Flaw
— MyPermissions (@mypermissions) February 6, 2014
A startup called MyPermissions brought the flaw to the attention of The Next Web. MyPermissions CEO Olivier Amar says his company also submitted the flaw to Facebook’s White Hat program.
MyPermissions has a blog entry about the alleged Facebook flaw on its official site.
2. Facebook Is Investigating
Facebook flaw allegedly prevents you from revoking app permissions on mobile http://t.co/BYyXeGc3Hm
— Matt Navarra (@MattNavarraUK) February 6, 2014
When The Next Web reached out to Facebook for a quote, the company declined to comment. According to information on The Next Web:
“We have also contacted Facebook for more information but the company declined to comment as the issue is currently under investigation. Facebook dill [sic] tell us, however, that it hasn’t been able to reproduce the behavior yet and is in contact with MyPermissions to investigate the claims.”
3. Hackers Could Exploit This Flaw
MALWARE ALERT: Hackers target Candy Crush Saga players on Facebook – http://t.co/V4Y4hKFyLt – RT to spread the word!
— Norton (@NortonOnline) February 4, 2014
The alleged Facebook app permissions flaw could potentially allow hackers access to prevent users from revoking app permissions on mobile. As the MyPermissions team explained on their blog entry:
“Think about it like this: you download an app that promises to do one thing, but actually comes from a hacker who wants to seriously invade your privacy by mining your data. Given the right coding, this developer could trigger the same effect, basically making it impossible for a user to disconnect this malware app and revoke its permission to access your personal information.”
Facebook is often a target for hackers. Earlier this week, Facebook players of the popular game Candy Crush Saga were targeted by malware.
4. A Large Number of Mobile Facebook Users Could Be Affected
According to a recent article on TechCrunch, nearly half of the people who use Facebook on a daily basis do so exclusively from their smartphones. That means that if this mobile app permissions flaw is as bad as some experts believe, a huge portion of Facebook’s users could be at risk. Given what a cash cow Facebook’s mobile advertising has been, any loss of user confidence among Facebook’s mobile users could hurt the company’s bottom line.
5. Finding This Flaw Could Result in a Payday
Interview: Reginaldo Silva – Largest Facebook bug bounty reward ever http://t.co/M8avWApGf1
— m0sa (@m0sa) February 5, 2014
On a happier note, the people who brought this potential flaw to Facebook’s attention might be eligible for a big, fat check. Facebook recently paid $33,500 as a bug bounty to Reginaldo Silva, a computer engineer in Brazil. According to PC World, the bug Silva found was related to Open ID.