16 Facebook apps were caught red-handed by CanaryTrap tool


Cornell University academics launched a CanaryTrap tool for detecting data misuse: 16 Facebook apps caught recording personal emails

Facebook apps track emails

A group of academics[1], namely Shehroze Farooqi, Maaz Musa, Zubair Shafiq, and Fareed Zaffar, from Cornell University in Ithaca, New York, has launched fully functional software for detecting data misuse by third-party apps on social networks like Facebook, Twitter, TikTok, and others.

Dubbed CanaryTrap[2], the application has already been used to analyze Facebook apps. According to the researchers, CanaryTrap registered 16 Facebook apps actively recording users' personal information and sharing personal email addresses with affiliated third parties.

1,024 Facebook apps have been tested. Using CanaryTrap, academics can plant fake data (which users don't see) on the social network and then observe how the apps connect and relate to the planted data. The analysis revealed that some applications violate the privacy policy and may be collecting personal information needed for spam distribution and targeted attacks.

CanaryTrap caught 16 Facebook apps red-handed for the unauthorized collection and sharing of people's personal email addresses. 9 of these showed a clear affiliation with some parties, and 3 of them were proved to be connected to a spam campaign, i.e. 79 people found spam emails in their inbox associated with the previously installed Facebook app.
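The planted-data check described above, as an added example that is not CanaryTrap's own code or part of the original article. It assumes one unique planted email address per app and a list of sender domains each app is expected to mail from; all names, addresses and log entries are constructed.

```python
from email.utils import parseaddr

# Constructed sample data. Assumption: each app was given its own planted address,
# so any mail arriving there can be attributed to that app.
HONEYTOKENS = {
    "canary-a1@honey.example": {"app": "QuizApp", "recognized": {"quizapp.example"}},
    "canary-b2@honey.example": {"app": "PhotoFun", "recognized": {"photofun.example"}},
}

# Constructed inbox log: (envelope recipient, From header) per received message.
RECEIVED = [
    ("canary-a1@honey.example", "QuizApp <news@quizapp.example>"),
    ("canary-b2@honey.example", "Deals <promo@cheap-offers.example>"),
    ("canary-b2@honey.example", "PhotoFun <hi@mail.photofun.example>"),
    ("canary-zz@honey.example", "x@unknown.example"),  # not a planted address
]


def sender_domain(from_header):
    """Return the lower-cased domain of the From address ('' if malformed)."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower()


def is_recognized(domain, recognized):
    """True if the domain is an expected one or a subdomain of it."""
    return any(domain == d or domain.endswith("." + d) for d in recognized)


def classify(received, honeytokens):
    """Return (app, sender domain) for mail sent to a planted address by an
    unrecognized sender, i.e. a sign the address was shared or misused."""
    findings = []
    for rcpt, from_header in received:
        token = honeytokens.get(rcpt.lower())
        if token is None:
            continue  # mail to an address that was never planted
        domain = sender_domain(from_header)
        # From headers can be forged, so a finding is a lead to review,
        # not proof of which party sent the message.
        if not is_recognized(domain, token["recognized"]):
            findings.append((token["app"], domain))
    return findings


if __name__ == "__main__":
    for app, domain in classify(RECEIVED, HONEYTOKENS):
        print(f"{app}: planted address received mail from {domain}")
```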

TikTok comments on its clipboard data accessibility after the CanaryTrap findings

TikTok is yet another trendy social networking platform for mobile devices. Developed by the Beijing, China-based company Zhang Yiming in 2012, TikTok is now experiencing a surge in popularity[3], which has been accelerated by the worldwide pandemic and the need for live interactions.

Like most social platforms, TikTok is under the magnifying glass due to various privacy concerns. Currently, TikTok has been asked to explain its unpermitted access to clipboard data[4] on users' devices. According to Roland Cloutier, the chief security officer, the app received an update for iOS devices to improve its anti-spam feature, and that feature requires access to the clipboard data. Following the accusations, Cloutier posted an official report on TikTok's news page insisting that clipboard data is not shared with any parties and claiming that a subsequent update will remove this access.

Are social networking platforms capable of managing the massive influx of personal information? 

The need to protect privacy was always a top priority. However, a massive influx of personal information[5] took place in 2010 with the surprising popularity of Facebook, Instagram, Twitter, Snapchat, and other social networking platforms.

Unfortunately, the rising popularity of social networks, data storage in the cloud, and, in general, the switch to the digital world has always been accompanied by criminals who are quick to find flaws and ways to earn easy money by blackmailing people or using their personal data for crimes like spamming or ransomware attacks.

In fact, one wrong decision by the platform administrators can cause privacy violations and be a painful experience for the affected person. Luckily, organizations are investing considerable effort and money in overseeing developers and companies to ensure users' privacy protection in this technological era.

It seems that the measures are not fruitless. The recent (2019) European Union's General Data Protection Regulation (GDPR)[6] has already caused many problems for the tech giant Google, which was fined €50 million after the privacy watchdog noted that the company was not properly informing users about the collection and use of their personal data.

In the meantime, the US Federal Trade Commission (FTC) fined Facebook $5 billion (€4.43 billion) for Facebook's handling of user data and privacy lapses.[7] There are many other examples of law infringements that follow the new Privacy Policy regulations, which started emerging roughly a couple of years ago.

Whether social networking platforms are strong enough to ensure people's privacy is an open question. However, it's obvious that tech giants like Facebook are taking it seriously and building a bridge to safe networking. In 2019, Mark Zuckerberg posted "A Privacy-Focused Vision for Social Networking"[8] and listed the following areas of focus for his platform: private interactions, encryption, reducing permanence, safety, interoperability, and secure data storage.