Are You Logging In With Facebook Safely? - MobileAppDaily
Social Media

Are You Logging In With Facebook Safely?

The Facebook's login API can land you in trouble

Are You Logging In With Facebook Safely?

Now, Facebook is ruling the social media landscape for a pretty long time and its dominance is still intact. Though the social media giant got entangled in a couple of controversies lately and even lost many of its users, but with more stern guidelines, Facebook aims to win back the trust of its existing users and industry experts.

In an attempt to infuse more trust in their user community, Erin Egan, VP and Chief Privacy Officer, Policy and Ashlie Beringer, VP and Deputy General Counsel said in a blog post, “It’s important to show people in black and white how our products work – it’s one of the ways people can make informed decisions about their privacy. So we’re proposing updates to our terms of service that include our commitments to everyone using Facebook. We explain the services we offer in the language that’s easier to read. We’re also updating our data policy to better spell out what data we collect and how we use it in Facebook, Instagram, Messenger and other products.”

In between all this, there still remains a concern of Facebook's profile sharing. Due to its popularity, the Facebook's login API, which can be carried forward to log in to many other apps and websites. For instance, while login to apps like Spotify, Tinder, Airbnb, and many of the gaming profiles, you can log in with your Facebook's login API.

At first, these logins looks safe, but what about websites and apps that look dubious and you still want to get into it. Is logging in with Facebook profile safe? As per a researched report by Princeton University, doing it can pose security risks for the users.’

log in to facebook

To support their claims of safety breach, three researchers, Steven Englehardt, Gunes Acar, and Arvind Narayanan, did an in-depth analysis and came up with loopholes in how hackers and third-party tracking scripts can exploit Facebook's login API without the users' knowledge. The tracking scripts exhibit a glimpse of invisible tracking technology that can get behind the curtains and rob the people of their personal information and as well as, their profile credentials.

“We never thought this was possible. It was really surprising,” says Acar, one of the researcher. "This is tapping into a social API, which you are not expected to—but this sounds a bit beyond the line."

One such breach was reported last month only when a bug hit almost 14 million Facebook users to have their new posts inadvertently set to public. Facebook immediately acknowledged the glitch and even released a press release for the same. Nevertheless, the breach didn’t compromise any of the users’ personal detail but was scary enough.

“We recently found a bug that automatically suggested posting publicly when some people were creating their Facebook posts. We have fixed this issue and starting today we are letting everyone affected know and asking them to review any posts they made during that time," Erin Egan, Facebook's chief privacy officer, said in a statement. "To be clear, this bug did not impact anything people had posted before—and they could still choose their audience just as they always have. We’d like to apologize for this mistake."

Another such blow that Facebook experienced was the data theft by Cambridge Analytica. In this scam, the personal information of about 87 million people was shared with third-party companies. The transgression was made by a simple trick of a personality test app.

cambridge facebook issues

The Princeton University research further unearthed that when we connect to a website through our Facebook’s profile, there are third-party trackers that directly share your data. The information may include username, phone number, email address, age, friend list, birthday, and every other information that the site requested to access. Moreover, the study established the fact that such a tracking script was present on 434 of the web's top one million websites. Although all of them may not have indulged in data theft, but the script is indeed active on these websites.

One thing was clear that these websites did gather the user ID, personal name, and email id. Though these details may not sound threatening, still with the unique ID of the user, he can be tracked easily on Facebook and other websites also.

After Princeton published their research online, Facebook came to its rescue and said it would suspend this ability.

“Scraping Facebook user data is in direct violation of our policies. While we are investigating this issue, we have taken immediate action by suspending the ability to link unique user IDs for specific applications to individual Facebook profile pages, and are working to institute additional authentication and rate limiting for Facebook Login profile picture requests," a Facebook spokesperson said in a statement.

facebook terms and policies

The Princeton study has certainly underlined the threat of logging in with the Facebook ID. So, to stay away from any such breach, try not to connect with Facebook on websites which you don’t visit often and if other ways of login are offered by the website, try that rather than sparking a chance of compromising the data. Above all, try to stay away from websites that act fishy or doesn’t seem to be genuine.

Interestingly, Facebook tossed up an idea in 2014 to create Anonymous Facebook Login for its users,’ "a way to log into apps without sharing any personal information from Facebook." But due to unknown reasons, the idea dissolved deep down the lane.

Then there comes the boon of an ad blocker. These ad blockers cut off the access of a lot of tracking scripts that may access the information. Sadly, the Princeton researchers didn’t dig into this aspect, but something is better than nothing.

My personal advice to you is, always stay alert and don’t to get into any cryptic stunt.

Read More About:

Tanya <span>Editor In Chief</span>
Written By
Tanya Editor In Chief

She is a content marketer and has more than five years of experience in IoT, blockchain, Web, and mobile development. In all these years, she closely followed the app development, and now she writes about the existing and the upcoming mobile app technologies. Her essence is more like a ballet dancer.

Social Media

Instagram Now Allows You To Join Your Friend

4 min read  

Instagram is expanding its live broadcasting service with a new update which makes going live with friends on the platform easier. The Facebook-owned social media platform added a request button that appears during a live video to join your friends live video. However, Instagram previously added the

Social Media

WhatsApp Extended The 'Delete For Everyone' Time Duration In Beta

4 min read  

WhatsApp, the messaging app has extended the time duration for ‘Delete for Everyone’ feature. The feature allows the user to delete any sent message within the window of 7 minutes. This means if you have mistakenly sent a message and wanted to delete it then you have only 7 minutes to un

Social Media

Facebook's Apps For Groups Platform Recurs

4 min read  

After thumping with Cambridge Analytica scandal, Facebook was up with a number of measures to withhold the damage that included API’s lockdown and restrictions on many others. Even Mark Zuckerberg, Founder, and CEO of Facebook apologized publicly and pledged to rake up all the privacy policies

Social Media

Facebook Launches Marketplace For Cars With Dealers and Blue Book Pricing

4 min read  

Buying a car has never been easier with Facebook’s latest search filters for its Marketplace for vehicles. The New Mobile App Technology powered search filters enable users to find a ride with a specific type make, model, mileage, transmission, and more from both people and car dealerships lik