A new report from Meta indicates that the company is warning users on Facebook that third-party apps available on Google and Apple app stores may be looking to steal login credentials.
The report details that security researches working for the company have identified over 400 apps designed to steal Facebook account information. Both Apple and Google have stated that the apps have been removed from its stores.
Meta Informs Users Third-Party Apps Are Stealing Login Credentials
According to Meta, apps will disguise themselves as something beneficial to the user, but then ask the user to provide Facebook information to access features. A ruse to steal Facebook login information, Meta warns apps will offer services, such as turning yourself into a cartoon and flashlight utilities, while not actually providing any real services.
According to Engadget, Meta’s Director of Threat Disruption, David Agranovich, stated to reporters, “Many of the apps provided little to no functionality before you logged in, and most provided no functionality after a person agreed to login”.
Though many of the apps were found primarily within the Google Play Store, 47 iOS apps were found to be malicious. For Google, most of the apps were for consumer-focused activities, whereas the apps found on Apple’s App Store found more of a business focus. Known as “business utility” apps by Meta, the focus toward Apple seems lean more on tools for business.
How to Avoid This Problem
Meta does provide some solutions on how to avoid third-party apps looking to scam your information. This includes questioning apps that require Facebook information before logging in, observing the reputation of the app (download count, ratings and reviews—especially negative) and looking at the features that are promised.
Additionally, the company also provides suggestions should you find yourself with a malicious app. Along with immediately deleting the app, be sure to reset your password and create a new strong password. Users can also protect themselves by enabling two-factor authentication. Lastly, Meta also suggests having log-in alerts activated so that you may receive notifications when someone is logging into your account.
When it comes to apps, or anything: if it sounds too good to be true, it probably is. Along with Meta’s suggestions, make sure to always keep your software up to date. Of course, be wary of Meta potentially looking for your information as well.
Have you downloaded an app that tried to steal your information? Let us know in the comments.