Logging into third party apps with social media accounts is convenient but now we know that there is a real risk of the data being misused by the app developer
With data on Facebook and other social media sites vulnerable to third-party access without user consent, users are now left with the responsibility to make sure their profiles are not sharing too much info with other apps they may have signed in on. A look at what a user can do to protect themselves
Logging into third party apps with social media accounts is convenient but now we know that there is a real risk of the data being misused by the app developer. Facebook has allowed misuse of 50 million user profiles by a UK based voter profiling company Cambridge Analytica with alleged links to US President Donald Trump’s 2016 election campaign.
According to Facebook, the data was legally accumulated by a psychology professor Aleksandr Kogan from University of Cambridge, UK through a personality prediction research app called This is your digital life.
Users handed over their profile data along with some data about their friends without knowing how the information was going to be used by the app developer.
Facebook claims Kogan’s actions were in violation of their policies and when it learned of the violation in 2015, it removed the app from Facebook.
“The cliché thrives that humans are the weakest link in cybersecurity, and probably the primary reason for most of the data breach incidents in recent years. In many cases that holds true since we assume platforms will do the right thing which may not be the case. Today privacy has become a precursor to security. Consumers need to act accordingly and sparingly grant permissions," says Abhay Edlabadkar, CEO & founder, Redmorph, a US based privacy and security company.
Signing up in a third party app using Facebook account or any other social media account, provides the app developer access to users’ name, age, profile picture, home town, interests and the entire friend list. The App developers can access the data even after the app is removed from a user’s smartphone. With data on Facebook and other social media sites vulnerable to third-party access without user consent, users are now left with the responsibility to make sure their profiles are not sharing too much info with other apps they may have signed in on.
“Users need to take control over their online information. The convenience of not having to remember a password is what makes people use social media logins but they forget that their privacy can be comprised," says Ritesh Chopra, country manager, consumer business unit, Symantec, an online security company. He recommends checking privacy setting on all social media accounts.
Most of the social networks which allow users to login with their social media account such as Facebook, Google Plus and Twitter provide users the option to de-link third party apps and games they do not trust from their social media accounts.
For Facebook, users can revoke this access for all thrid party apps by turning off Facebook integration in Apps, Plugins and Websites section. If the concerns are limited to a particular app only user can remove the app from the Apps’ section in Account Settings. To ensure the data already gathered by developer is not misused in future, users can contact the developer from the same page and ask them to delete the data. If the app developer doesn’t comply, users can report it to Facebook via the Report App section.
To de-link apps in Google Plus, users need to go to the Apps with Google+ Sign in section in Settings. Here they can see the list of all the apps which use Google Plus to login along with the Disconnect button to end the data sharing.
Illustration by Abhijit Ahaskar
Unlike Facebook and Google Plus, Twitter doesn’t provide the option to de-link third party apps on Twitter mobile app. To access the feature users will have to go to the Apps section in the Settings & Privacy page on Twitter website. Here users can see the amount of access and app has and can put an end to it by tapping on the Revoke Access button.
Illustration by Abhijit Ahaskar
“Today, users should own their online presence by understanding the implications of loosely granting access to personal identifiable information. Since platforms update almost every day, we should revisit our privacy and third party access policy more frequently," says Venkat Krishnapur, vice president of engineering and managing director at McAfee, online security company.