Application security, Malware
Facebook, Twitter ban malicious SDK that removed member info
Twitter warned its users that a software development kit (SDK) developed by oneAudience could have allowed that company to obtain account information.

Facebook also posted a notice concerning not only the oneAudience SDK but also fellow SDK maker Mobiburn.

OneAudience confirmed the problem and then shut down the SDK along with its associated websites, but said the data was never intended to be collected, never added to its database and never used.

“Recently, we were advised that personal information from hundreds of mobile IDs may have been passed to our oneAudience platform. This data was never intended to be collected, never added to our database and never used,” oneAudience said in a statement.

OneAudience’s stated goal was to “help developers earn new revenue by enhancing app user information into the audience insights advertisers crave.”

In a statement, Twitter, which described the SDK as “malicious”, said the issue was not within its software but resulted from a lack of isolation between SDKs within an application. The SDK itself is normally embedded within a mobile application, where it could potentially exploit a vulnerability to allow information including email, username and last Tweet to be accessed. There is even the possibility for an account to be taken over via the flaw.

OneAudience said the SDK was updated on November 13, 2019, to stop it from collecting information, and that the update was pushed to its partners.

Facebook took on both developers, saying oneAudience and Mobiburn were paying developers to place malicious SDKs in apps.

“After investigating, we removed the apps from our platform for violating our platform policies and issued cease and desist letters against One Audience and Mobiburn,” Facebook said.

Twitter determined that the oneAudience SDK affected only Android devices accessing Twitter.

Facebook and Twitter are notifying those whose data was affected, and Twitter has informed Apple, Google and other industry partners about the SDK.