This is a significant concern for all social media users: today, Meta has reported that it’s detected 400 apps this year alone that offer fake features and tools designed to lure people into logging in with their Facebook credentials, which then gives the apps’ developers access to their data and information.
As explained by Meta:
“Our security researchers have found more than 400 malicious Android and iOS apps this year that were designed to steal Facebook login information and compromise people’s accounts. These apps were listed on the Google Play Store and Apple’s App Store and disguised as photo editors, games, VPN services, business apps and other utilities to trick people into downloading them.”
Yeah, these apps look pretty questionable, but you can also see how, based on the promise of a cool new feature or functionality, people could be tricked into logging in with their Facebook info, in order to gain access.
“When a person installs the malicious app, it may ask them to ‘Login With Facebook’ before they are able to use its promised features. If they enter their credentials, the malware steals their username and password. If the login information is stolen, attackers could potentially gain full access to a person’s account and do things like message their friends or access private information.”
Meta says that the majority of these scam apps are photo editors, with the rise of visual tools driving more demand for the latest features and editing updates.
But as you can see in the chart above, they’re appearing in different categories, which means that users need to remain vigilant when approving apps and providing their Facebook login details.
Meta says that it’s reported the apps to both Apple and Google, in the hopes of getting them removed entirely from their respective stores (Google has since reported that all of the apps have been removed), while it’s also alerting users who’ve downloaded these apps, where it can, to help them improve security and/or regain access to their profiles.
Meta has also provided some security tips to help users avoid having their info hijacked by scam apps:
“Malware apps often have telltale signs that differentiate them from legitimate apps. Here are a few things to consider before logging into a mobile app with your Facebook account:
- Requiring social media credentials to use the app: Is the app unusable if you don’t provide your Facebook information? For example, be suspicious of a photo-editing app that needs your Facebook login and password before allowing you to use it.
- The app’s reputation: Is the app reputable? Look at its download count, ratings and reviews, including negative ones.
- Promised features: Does the app provide the functionality it says it will, either before or after logging in?”
Again, given the functionality promised, and the presentation of these apps, you can see how users could be duped by their promotions, and lured into signing on with their Facebook credentials. And it’s clearly a big problem – 400 apps this year alone, and those are only the ones identified by Meta’s team.
You need to be careful when using your Facebook login, or really any social login option, with the understanding that hackers are trying to steal your info, however they can.
There’s no 100% foolproof way to avoid such scams, which is why Meta’s looking to work with Apple and Google to get these apps removed.
But next time you go looking for a cool photo editing app to make your Instagram posts stand out, take a second to consider before logging in.
If you believe that you’ve downloaded one of these apps, Meta advises users to delete the app immediately, reset their Facebook password and enable 2-factor authentication.