Are You Logging In With Facebook Safely? - MobileAppDaily
Social Media

Are You Logging In With Facebook Safely?

The Facebook's login API can land you in trouble

Are You Logging In With Facebook Safely?

Now, Facebook is ruling the social media landscape for a pretty long time and its dominance is still intact. Though the social media giant got entangled in a couple of controversies lately and even lost many of its users, but with more stern guidelines, Facebook aims to win back the trust of its existing users and industry experts.

In an attempt to infuse more trust in their user community, Erin Egan, VP and Chief Privacy Officer, Policy and Ashlie Beringer, VP and Deputy General Counsel said in a blog post, “It’s important to show people in black and white how our products work – it’s one of the ways people can make informed decisions about their privacy. So we’re proposing updates to our terms of service that include our commitments to everyone using Facebook. We explain the services we offer in the language that’s easier to read. We’re also updating our data policy to better spell out what data we collect and how we use it in Facebook, Instagram, Messenger and other products.”

In between all this, there still remains a concern of Facebook's profile sharing. Due to its popularity, the Facebook's login API, which can be carried forward to log in to many other apps and websites. For instance, while login to apps like Spotify, Tinder, Airbnb, and many of the gaming profiles, you can log in with your Facebook's login API.

At first, these logins looks safe, but what about websites and apps that look dubious and you still want to get into it. Is logging in with Facebook profile safe? As per a researched report by Princeton University, doing it can pose security risks for the users.’

log in to facebook

To support their claims of safety breach, three researchers, Steven Englehardt, Gunes Acar, and Arvind Narayanan, did an in-depth analysis and came up with loopholes in how hackers and third-party tracking scripts can exploit Facebook's login API without the users' knowledge. The tracking scripts exhibit a glimpse of invisible tracking technology that can get behind the curtains and rob the people of their personal information and as well as, their profile credentials.

“We never thought this was possible. It was really surprising,” says Acar, one of the researcher. "This is tapping into a social API, which you are not expected to—but this sounds a bit beyond the line."

One such breach was reported last month only when a bug hit almost 14 million Facebook users to have their new posts inadvertently set to public. Facebook immediately acknowledged the glitch and even released a press release for the same. Nevertheless, the breach didn’t compromise any of the users’ personal detail but was scary enough.

“We recently found a bug that automatically suggested posting publicly when some people were creating their Facebook posts. We have fixed this issue and starting today we are letting everyone affected know and asking them to review any posts they made during that time," Erin Egan, Facebook's chief privacy officer, said in a statement. "To be clear, this bug did not impact anything people had posted before—and they could still choose their audience just as they always have. We’d like to apologize for this mistake."

Another such blow that Facebook experienced was the data theft by Cambridge Analytica. In this scam, the personal information of about 87 million people was shared with third-party companies. The transgression was made by a simple trick of a personality test app.

cambridge facebook issues

The Princeton University research further unearthed that when we connect to a website through our Facebook’s profile, there are third-party trackers that directly share your data. The information may include username, phone number, email address, age, friend list, birthday, and every other information that the site requested to access. Moreover, the study established the fact that such a tracking script was present on 434 of the web's top one million websites. Although all of them may not have indulged in data theft, but the script is indeed active on these websites.

One thing was clear that these websites did gather the user ID, personal name, and email id. Though these details may not sound threatening, still with the unique ID of the user, he can be tracked easily on Facebook and other websites also.

After Princeton published their research online, Facebook came to its rescue and said it would suspend this ability.

“Scraping Facebook user data is in direct violation of our policies. While we are investigating this issue, we have taken immediate action by suspending the ability to link unique user IDs for specific applications to individual Facebook profile pages, and are working to institute additional authentication and rate limiting for Facebook Login profile picture requests," a Facebook spokesperson said in a statement.

facebook terms and policies

The Princeton study has certainly underlined the threat of logging in with the Facebook ID. So, to stay away from any such breach, try not to connect with Facebook on websites which you don’t visit often and if other ways of login are offered by the website, try that rather than sparking a chance of compromising the data. Above all, try to stay away from websites that act fishy or doesn’t seem to be genuine.

Interestingly, Facebook tossed up an idea in 2014 to create Anonymous Facebook Login for its users,’ "a way to log into apps without sharing any personal information from Facebook." But due to unknown reasons, the idea dissolved deep down the lane.

Then there comes the boon of an ad blocker. These ad blockers cut off the access of a lot of tracking scripts that may access the information. Sadly, the Princeton researchers didn’t dig into this aspect, but something is better than nothing.

My personal advice to you is, always stay alert and don’t to get into any cryptic stunt.

Read More About:

MAD Team
Written By

MobileAppDaily host a team of experienced technical writers, industry wizards, and app experts who have an exact knack of content that caters to the needs of the mobile app targeted audience. We strive to bring you the best of tech!

Top Companies

Dot Com Infoway
New York, USA
M&C Saatchi Mobile
New York City, USA
New Delhi, India
London, UK
View full report

Latest Articles

Join our global community 135K Followers
Social Media

Instagram Is Persistently Adding More Features To Its Platform

MAD Team 4 min read  

According to Facebook-owned video-sharing social networking service, the number of Instagram Stories daily active users has reached almost double to that of its rival, Snapchat. With a total user base of 1 billion, Instagram has 400 million daily users who are using the Stories feature daily.The

Social Media

Facebook Didn't Get NFL Streaming Rights: Here is What We Know So Far

MAD Team 4 min read  

Facebook didn’t win the live streaming of NFL games but it has successfully secured the live streaming of Football match for its users. Facebook announced the deal last Wednesday. The deal was made with Stadium, the 24/7 digital sports broadcaster. As per the deal, Facebook will live stream 15

Social Media

Facebook, Facebook Messenger and Instagram are Coming With Cross App Notification Feature

MAD Team 4 min read  

Mobile app world is witnessing quick change and transformation, it's like things are enhancing every minute. Every app is in making something new that ultimately attract the user with its functionality. Social media apps are the one taking initiative with their small tweaks and experiments every

Social Media

Instagram Adds Support For Third Party Android Apps Providing Two-Factor Authentication

MAD Team 2 min read  

Instagram, takes the users' security seriously for not repeating the mistakes of its parent company. The social media platform has been working on a new feature for months and now finally released it. Instagram now, supports the third-party authentication apps like Google Authenticator and Duo M