Harmful Android SDKs accessed your Personal Data on Facebook & Twitter

Facebook and Twitter have been rocked by Malicious Android Software Development Kits(SDKs) after the Cambridge Analytica Scandal. These SDKs integrated with thousands of Android apps through the connected social media accounts(Facebook&Twitter) and illegally accessed the user’s personal data.

Twitter found out that an SDK developed by OneAudience contains a privacy-breaching code. This enabled the malicious android SDK to transfer some personal data of its user’s to the OneAudience servers. Similarly, Facebook is investigating an SDK from Mobiburn. This Android SDK is alleged to have shared the user data to data collection firms through certain Facebook-connected apps.

Generally, third-party SDKs used for advertising are not intended to access personal information, password, or secret access tokens created during “Login with Facebook” or “Login with Twitter” method. However, Malicious SDKs from  OneAudience and Mobiburn allegedly have the ability to unauthorizedly scrape user data. This data is utilized with advertisers for targeted ad marketing.

How is Facebook and Twitter dealing with the Malicious Android SDKs?

Twitter asserts that, ‘This vulnerability is not in their software, but it is a lack of isolation between SDKs  with  an application.’ Twitter has notified Google and Apple about the malicious SDKs.  It also advises users to avoid third-party app stores for downloading apps.

Facebook, on the other hand, has removed the infected apps from its platform for blatantly violating its regulations.Facebook states that, ‘Security analysts discovered two harmful apps from OneAudience and Mobiburn. They paid the developers to integrate malicious SDKs  in a plethora of apps available in popular apps stores.’

OneAudience’s Response:

OneAudience responded to these allegations by shutting down its SDK. It also gave a statement saying, ‘this data was never included in their database, never meant to be collected and used.’

Both social media platforms will be informing the affected users soon. Leading information security experts advise users to follow these helpful tips and secure their data:

1. Safeguard your computing devices with good Computer security or Mobile security
2. Use official app stores from Authorised developers – Google/Apple/Microsoft etc to download apps.
3. Avoid connecting your social media accounts like Facebook & Twitter to third-party malicious apps.