Facebook Application Insecurities

This morning the BBC’s Spencer Kelly reported on a potential issue with Facebook Applications. In his report he stated that the BBC was able to write and publish an application to Facebook that was able to collect user data. The application then sends a list of users with personal user information to an off site server. (Not associated with Facebook.)

This application code could masquerade as a game or program used on the social networking site. They also state that a user does not need to use the application. All they would need to do is be a friend of someone who has it installed. Now I do feel that any applications hosted on a 3rd party sites is extremely very shady. All user data could potentially be offloaded onto a site. Without the user knowledge of where that data is going.

The BBC also state when using standard security settings of Facebook it may not be enough to protect you or your friends from such malicious acts.

Now I am not a developer, I do not write applications for Facebook. So when it comes to the process of submitting applications. I have no idea how they are approved.

I would think that a large company such as Facebook should show a bit more social responsibility. If there isn’t an application process for developers. Maybe there should be! All source code for applications should be made public. (If it already isn’t being done!)

To protect yourself a bit more on the site I would suggest a few things.

1. Use initials instead of your full name! (BP. Wilson)
2. Its ok to not be exact when giving your date of birth!
3. There is no need for the entire world to know where you work!
4. Last time I checked my mobile number was private. I believe yours should be also!
5. Ignore any applications request. (Until they address this issue!)

If Facebook isn’t going to show a little responsibility in protecting its users. We all need to do our part in protecting ourselves.