Facebook deceived developers and users with Verified Apps program
Posted on 14 August 2012.
The privacy settlement that the US Federal Trade Commission and Facebook agreed on last November has been finalized on Friday and, unlike Google earlier that week, Facebook managed to avoid paying any fines.


"Following a public comment period, the FTC has accepted as final a settlement with Facebook resolving charges that Facebook deceived consumers by telling them they could keep their information on Facebook private, and then repeatedly allowing it to be shared and made public," the commission stated in the press release.

"The settlement requires Facebook to take several steps to make sure it lives up to its promises in the future, including by giving consumers clear and prominent notice and obtaining their express consent before sharing their information beyond their privacy settings, by maintaining a comprehensive privacy program to protect consumers' information, and by obtaining biennial privacy audits from an independent third party."

Among the things that FTC's investigation has unearthed is the fact that Facebook's App Verification program, established and closed within six months in 2009, was a complete sham.

"Designed to offer extra assurances to help users identify applications they can trust - applications that are secure, respectful and transparent, and have demonstrated commitment to compliance with Platform policies," the program required developers to pay from $175 to $375 to have their app verified.

But, "contrary to the statements set forth in Paragraph 46, before it awarded the Verified Apps badge, Facebook took no steps to verify either the security of a Verified Applicationís website or the security the Application provided for the user information it collected, beyond such steps as it may have taken regarding any other Platform Application," the commission found.

So, in fact, Facebook earned thousands of dollars by simply appending the green checkmark to the apps in question. And while the developers in question at least got a more prominent spot for their apps, Facebook users used them and believed themselves to be perfectly safe.






Spotlight

USBdriveby: Compromising computers with a $20 microcontroller

Posted on 19 December 2014.  |  Security researcher Samy Kamkar has devised a fast and easy way to compromise an unlocked computer and open a backdoor on it: a simple and cheap ($20) pre-programmed Teensy microcontroller.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Fri, Dec 19th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //