Sunday, March 1, 2009

Should Facebook Do More To Prevent the Spread of Rogue Applications?

Graham Cluley's blog reported that Facebook had discovered yet another rogue third-party application, less than a week after the "Error Check System" had blasted Facebook users with claims that there was a problem with their profiles, redirecting concerned users to malicious websites. The new rogue application sends bogus notification messages saying that a friend has violated Facebook's Terms of Service. A typical bogus notification message appears as follows:

"[Friend's name] has just reported you to Facebook for violating our Terms of Service. - This is your official warning! - Click here to find out why you were reported! - Request Facebook look at what has happened and rule immediatley."

Now, if a novice user misses the schoolboy spelling error and clicks on the link, he grants the rogue application permission to access his profile and personal information, and inadvertently forwards the bogus notification message to all of his Facebook friends!

When Facebook opened its platform to developers, it allowed anybody to develop and write a Facebook application. One of the issues is that these applications apparently do not go through the scrutiny and certification process that is desirable before an application is made available to the public. As a result, even if Facebook removes one malignant application, another one can pop up in another place under a different name, like a poisoned mushroom.

According to Graham Cluley, Facebook has now removed the rogue application along with its clones ("My account" and "Reported for Rule Breaking"). Facebook users have to be more careful before adding new applications, but isn't it time for Facebook to add more scrutiny before applications are published on its platform?
