After using their accounts to log into specific Android apps downloaded from the Google Play store, Twitter and Facebook noted that the personal information of hundreds of users might have been accessed improperly. The tech firms received a report from researchers who came across the oneAudience software development kit (SDK) that provided third-party developers with access to personal information, CNBC reported.
Twitter noted that it would be informing affected users, and has let Google and Apple know about the flaw so they can take additional action. Lindsay McCallum, a Twitter spokeswoman, said per the report, “We think it’s important for people to be aware that this exists out there, and that they review the apps that they use to connect to their accounts.”
A spokesperson for Facebook said in a statement regarding the disclosure on Monday (Nov. 25), according to CNBC, “Security researchers recently notified us about two bad actors, oneAudience and MobiBurn, [which] were paying developers to use malicious [SDKs] in a number of apps available in popular app stores. After investigating, we removed the apps from our platform for violating our platform policies, and issued cease and desist letters against oneAudience and MobiBurn.”
Twitter continued, “We plan to notify people whose information we believe was likely shared after they had granted these apps permission to access their profile information, like name, email and gender. We encourage people to be cautious when choosing which third-party apps are granted access to their social media accounts.”
In separate news, a report surfaced in August that a security firm discovered that dozens of fraudulent Android adware apps have been downloaded over 8 million times from the Google Play store. Security firm Trend Micro said at the time that it discovered 85 individual apps that were disguised as games and photo-editing apps, and had ads that would take over users’ screens as part of a money-making scheme. All the fraudulent apps had since been removed from the Google Play store, per the report.