Facebook Sues Analytics Firm Over “Malicious” SDK


Facebook has filed a lawsuit in California against a data analytics company it claims has illegally accessed user data.



New Jersey-based OneAudience allegedly paid app developers to install a malicious software development kit (SDK) in their apps. The SDK was designed to harvest information, including the name, gender, email and username of users logging in to the apps with their Facebook credentials, the social network claimed.



“Security researchers first flagged OneAudience’s behavior to us as part of our data abuse bounty program. Facebook, and other affected companies, then took enforcement measures against OneAudience,” wrote Facebook’s director of platform enforcement and litigation, Jessica Romera.



“Facebook’s measures included disabling apps, sending the company a cease and desist letter, and requesting their participation in an audit, as required by our policies. OneAudience declined to cooperate.”



The firm is said to have done the same to Twitter and Google users. Twitter claimed in a notice that the issue was down to “a lack of isolation between SDKs within an application.



“Our security team has determined that the malicious SDK, which could be embedded within a mobile application, could potentially exploit a vulnerability in the mobile ecosystem to allow personal information (email, username, last Tweet) to be accessed and taken using the malicious SDK,” it explained.



“While we have no evidence to suggest that this was used to take control of a Twitter account, it is possible that a person could do so.”



In a statement back in November, OneAudience said that it was shutting down the offending SDK.



“Recen ..
