Facebook's Bug Bounty Caught a Data-Stealing Spree

Despite its best damage-control efforts, Facebook is still dogged by its checkered past on data privacy. But at least some of the security mechanisms the company has put in place are catching problems—and helping them get fixed. Facebook said on Friday that in 2019 its bug bounty saw its largest number of accepted bugs since the program launched nine years ago, paid out its highest single reward ever, and began inviting select researchers to evaluate new features before they launched.
Facebook has consistently expanded its bug bounty over the past few years, adding extra incentives and extending its scope to reward researchers for submitting bugs in other applications' code that impact Facebook's platform or users. Bug bounties aren't a panacea. But Facebook's has been rewarding bug hunters for important work, including a finding that impacted up to 9.5 million of the social network's users.
In October, researchers from Indiana University led by Luyi Xing reported an issue related to third-party software-development kits that developers had incorporated into various Android and iOS mobile apps. As first reported in November, these packaged development tools were siphoning data from users including their names, gender identifications, and email addresses. The rogue SDKs could also lift some Facebook account data from apps that let people log in with their Facebook credentials. The researchers also