Third Party Apps and The “Breachless” Breach

Our data is everywhere. Literally and figuratively. It’s simultaneously hopping oceans and crossing borders through wires while being packaged and redistributed among internet service providers, government organizations, retailers, financial institutions, medical institutions, and of course, social media providers.  We’re all familiar with data breaches when this information is intercepted and stolen. But what about a situation where we freely give our data over and that information is used in ways that we didn’t expect?

Recent news about UK-based firm Cambridge Analytica’s relationship with Facebook has generated headlines that have stirred a tumultuous conversation about the responsibilities of social media companies, app developers, and individual users in ensuring the honest use of data. The data gleaned in 2014 by Cambridge Analytica through a third party quiz app on Facebook about the users’ friends that they themselves did not allow. And, while Facebook has since updated their rules to prevent this, many third party apps are still collecting important personally identifiable information willingly – though perhaps unwittingly – from users.

Identity protection begins with an individual’s commitment to making thoughtful choices about where they use their data and what are some of the potential consequences.

What is a Third Party App?

Facebook and other social media sites use an army of “third party” apps to help expand the platform’s ability to engage their users. In fact, they’ve been an essential part of what has made many of these social media giants – well, giants. Third party apps can help making log-in processes for regularly-visited websites easier or to help personalize content you see on Facebook or other websites.  Many appear as quizzes or games that request access to photos, timeline history, email addresses, friend lists, and current location. Some of the most recently popular apps allow users to compare their profile image to famous works of art. Perennial favorites are quizzes such as “Where Should You Live?”, “Which Hogwarts House Do You Belong In?”, “What’s Your True Personality Type.”  Users agree to terms of services up front (many of which are now receiving new scrutiny).

Some apps provide services, such as grocery delivery and music downloads. Many of these apps have access to your financial information.

Where Does My Third Party App Data Go?

According to Facebook’s guidelines, third party apps can only collect data that it uses directly for the purpose of the app itself. Each app must undergo a compliance review but this leaves a potential gap in interpretation and the opportunity for abuse. In some cases, answers to online quizzes may be used by identity thieves to secure valuable data that can unlock sensitive accounts. Companies not caught early by Facebook can sell or illegally distribute personal data. According to Top10VPN’s Privacy Central, Facebook account details will fetch around $10 each on the dark web where identity thieves buy and sell the information used to commit fraud.

What Can You Do?

Review your current third party apps. Facebook offers a “privacy checkup” tutorial that assists in reviewing the settings that allow access to your data. You can access it on your mobile device by:

• navigating to the Main Menu (the three lines at the bottom right hand corner of the screen)
• Select Account Settings
• Select Privacy
• Select Check a Few Important Settings
• Click Continue
• Adjust information about posts and profile information
• Review your app settings and remove any that you no longer need.

You can access what information apps can access from a desktop here, or by:

• Navigating to the Main Menu (the triangle at the top right hand corner of the page)
• Selecting Settings
• Clicking Apps

It’s important to note that just because you remove an app from Facebook, it doesn’t automatically delete any information that they’ve already collected. From this page, you can update the personal information that apps can see.

Carefully read the privacy policy of new apps. If you’re considering playing a new game or linking an external site to your social media accounts (yes, third party apps are active on almost all networks), pause to look at what information they will be accessing. Most platforms will require a user to approve an app’s access before it becomes active. Read these details carefully and make the decision that’s appropriate for you.

Facebook continues to review and refine it’s data security and integrity policies. While your connections on Facebook can no longer grant a third party to access your data – you still can, and that has risks. Being proactive is an important first step in proactive identity protection. However, nothing is ever secure. Our identity monitoring services scour the deep and dark web looking for these stolen personal data points and alert you at the first sign of potential danger. This early warning sign allows you to take action quickly – whether it’s changing passwords, reviewing forgotten accounts of suspicious activity – and reduce your risk for costly, and time-consuming identity theft issues.