Study: 16 Facebook apps share data with third parties without permission

Researchers have developed a tool based on honeytokens. It plants specially designed data and analyzes how that data is used. However, the study only includes 1024 Facebook apps.

Researchers at the University of Iowa have developed a method for identifying developers of Facebook apps that secretly pass user data on to third parties. The researchers describe the technique, called CanaryTrap, in a white paper entitled “Detection of data misuse by third-party apps on social networks”.

The process uses so-called honeytokens. These are fake data or tokens that are placed in a network. All access to this data is recorded in order to identify unwanted or harmful activities. In the case of CanaryTrap, the honeytokens were unique email addresses with which the researchers registered fake Facebook accounts.

To study the behavior of an app, researchers installed the application, used it for 15 minutes, and then removed it from their Facebook account. They then waited for new email messages in the mailbox, which they interpreted as confirmation that the user data had been passed on to third parties.

In addition, the researchers used Facebook’s transparency tool “Why do I see this?”. From this, they derived whether an advertiser had used the honeytoken email address to deliver targeted ads to the user via Facebook.

For their investigation, the researchers tested a total of 1024 Facebook apps. 16 applications passed the email addresses on to third parties. These in turn sent unwanted emails to the addresses. Of the 16 apps, seven concealed a connection to the sender of the messages. But even with the apps that referred to agreements with the senders, the messages were often unrelated to the app in question.
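The attribution step behind these numbers can be sketched as follows. This is an added example, not the CanaryTrap code the researchers published; the domain `honey.example`, the HMAC-derived addresses, the app names and the sample messages are constructed assumptions.

```python
import hashlib
import hmac
from email import message_from_string
from email.utils import parseaddr

SECRET = b"constructed-demo-key"   # assumption: secret known only to the study
HONEY_DOMAIN = "honey.example"     # assumption: mail domain run by the researchers

def honeytoken_address(app_id):
    """One unique, unguessable address per app, so any mail it receives maps to one app."""
    tag = hmac.new(SECRET, app_id.encode(), hashlib.sha256).hexdigest()[:16]
    return f"u{tag}@{HONEY_DOMAIN}"

def attribute(raw_messages, apps):
    """apps maps app_id -> sender domains the app discloses. Returns (app, domain, verdict)."""
    by_address = {honeytoken_address(a): a for a in apps}
    findings = []
    for raw in raw_messages:
        msg = message_from_string(raw)
        # Header To is used for brevity; a real mail server would log the envelope recipient.
        rcpt = parseaddr(msg.get("To", ""))[1].lower()
        app = by_address.get(rcpt)
        if app is None:
            continue  # not addressed to a honeytoken, ignore
        domain = parseaddr(msg.get("From", ""))[1].lower().rpartition("@")[2]
        known = any(domain == d or domain.endswith("." + d) for d in apps[app])
        findings.append((app, domain, "disclosed" if known else "undisclosed"))
    return findings

# Constructed sample data: two hypothetical apps and three inbound messages.
SAMPLE_APPS = {"quiz-app": {"quizapp.example"}, "photo-app": {"photoapp.example"}}

def sample_messages():
    def mail(sender, rcpt):
        return f"From: {sender}\nTo: {rcpt}\nSubject: hello\n\nbody\n"
    return [
        mail("news@mail.quizapp.example", honeytoken_address("quiz-app")),
        mail("offers@unrelated-ads.example", honeytoken_address("photo-app")),
        mail("someone@other.example", "info@" + HONEY_DOMAIN),
    ]

if __name__ == "__main__":
    for finding in attribute(sample_messages(), SAMPLE_APPS):
        print(finding)
```

Because each address is shared with exactly one app, a message from a sender the app never disclosed is direct evidence that the address left that app's hands.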

With the seven apps that passed on data without the knowledge of users, the researchers were also unable to determine whether it was an intentional violation of Facebook’s rules or data protection regulations or whether security gaps were responsible for the loss of data. In three cases, the addresses also received messages with dangerous or fraudulent content.

The scientists also published the research results and the associated tools on GitHub. There they are now available to other researchers under an open source license.

Facebook declined to comment when asked by ZDNet USA. A spokesman said only that the researchers’ data was still being analyzed. The company itself is aware of the problem. Facebook has already taken action against app developers several times.
