Mobile Security Featured Article
February 10, 2014

Rogue Apps Can Lock Out Mobile Facebook Users


By David Delony
Contributing Writer

The privacy app maker MyPermissions has uncovered a major bug in Facebook’s mobile app that prevents users from revoking permissions from Facebook apps.

“Think about it like this: you download an app that promises to do one thing, but actually comes from a hacker who wants to seriously invade your privacy by mining your data,” Genevieve Cenower wrote in a company blog post. “Given the right coding, this developer could trigger the same effect, basically making it impossible for a user to disconnect this malware app and revoke its permission to access your personal information.”

The bug goes deeper than simply being unable to revoke access. It’s possible for a rogue app to deny a user access to the social networking site completely.

“We have a former hacker that works for us,” MyPermissions CEO Olivier Amar told Yahoo News. “He told us that this is something he absolutely would have used and that the code could be replicated in less than an hour.”

What they were able to do was shocking.

“We shut down the biggest Facebook applications permissions pages on mobile,” he said. “We were literally doing it 50-100 applications at a time. Within the space of 30 seconds, we could shut down 100 applications at a time.”

When MyPermissions uncovered the problem, they immediately reported it to Facebook. 

“They did a fantastic job of getting in touch with us very quickly. Facebook takes this very seriously, and I’m very impressed by them,” Amar said.

Facebook’s cooperation might seem a bit odd, since MyPermissions is intended to help users protect their information from services like Facebook.

In any case, users should be very careful to allow only apps they really trust to access their Facebook accounts. With apps listed even on Google Chrome’s store selling ads without telling their users, it might pay to be suspicious of even “official” apps for the time being.




Edited by Cassandra Tucker
