Facebook and Twitter revealed that some
According to the company, the cause of behavior that violates their policies is a couple of “malicious” software development kits (SDKs) used by the third-party iOS and Android apps.
The SDK was designed to display ads, experts noticed that once users of the social networks were logged into either service using one of these applications, the SDK silently accessed their profiles to collect information.
The apps that includes the SDK code are able to collect user names, email addresses, and Tweets via unspecified Android apps.
The malicious SDK was developed by the marketing firm
“We recently received a report about a malicious mobile software development kit (SDK) maintained by
Even if Twitter experts have no evidence to suggest that this was used to take control of a Twitter account, they
Twitter is aware that the malicious SDK was used to access personal data for at least some Twitter account using Android devices, while it has no evidence that the
Twitter reported the incident to both Google and Apple, and other industry partners, and is calling for action to block the malicious SDK and apps that include its code.
Facebook announced that it has identified at least
The malicious SDKs were allegedly harvesting profile information, including names, genders, and email addresses.
“Security researchers recently notified us about two bad actors, One Audience and Mobiburn, who were paying developers to use malicious software developer kits (SDKs) in a number of apps available in popular app stores,” a Facebook spokesperson told The Register.
“After investigating, we removed the apps from our platform for violating our platform policies and issued cease and desist letters against One Audience and Mobiburn. We plan to notify people whose information we believe was likely shared after they had granted these apps
“No data from Facebook is collected, shared or