Logo

Logo

Facebook sues OneAudience for harvesting users’ data via third-party app

Security researchers first flagged OneAudience’s behaviour to Facebook as part of its data abuse bounty programme

Facebook sues OneAudience for harvesting users’ data via third-party app

Facebook main webpage on Google Chrome. (Photo: iStock)

Social media giant Facebook on Thursday filed a lawsuit in California court against a NewJersey-based firm OneAudience for allegedly harvesting its users’ data.

In the lawsuit, Facebook alleged that OneAudience paid app developers to install a malicious Software Development Kit (SDK) in their apps.

“After a user installed one of these apps on their device, the malicious SDK enabled OneAudience to collect information about the user from their device and their Facebook, Google, or Twitter accounts, in instances where the user logged into the app using those accounts,” read the lawsuit.

Advertisement

Security researchers first flagged OneAudience’s behaviour to Facebook as part of its data abuse bounty programme, which forced affected companies to take the case to the enforcement agencies.

“Facebook’s measures included disabling apps, sending the company a cease and desist letter, and requesting their participation in an audit, as required by our policies. OneAudience declined to cooperate,” said Jessica Romero, Director of Platform Enforcement and Litigation.

“This is the latest in our efforts to protect people and increase accountability of those who abuse the technology industry and users,” she added.

In a similar incident in November last year, social media majors Facebook and Twitter had admitted that data of hundreds of users was improperly accessed by some third-party apps. These apps were available on Google Play Store.

Security researchers discovered that the One Audience and Mobiburn software development kits (SDK) provided access to users’ data, including email addresses, usernames, and recent tweets, on both the platforms.

Facebook has sued several third-party platforms in the recent past for scrapping users’ data, including Israeli surveillance vendor NSO Group that sells malicious software Pegasus to government agencies.

(With input from agencies)

Advertisement