Meta is warning Facebook users that there are hundreds of apps on Apple’s and Google’s app stores that were made to steal Facebook login information. The company says it has found over 400 malicious apps that look like games, photo editors, and other utilities. It is warning users who “may have unknowingly self-compromised their accounts by downloading these apps and sharing their credentials.” Bloomberg says that a million users could have been affected.
Meta says in its post that the apps got people to download them by making up fake reviews and promising useful features. These are both common tricks used by scam apps that want your money instead of your login information. But when users opened some of the apps, they were asked to sign in with Facebook before they could do anything. If they did, the developers could steal their login information.
Meta says that it told Google and Apple about the apps and got them taken down, but the fact that they were there in the first place is still not a good sign. This is especially true for Apple. For years, the company has argued against sideloading apps for the iPhone, saying that the ability to install apps that aren’t in the App Store is “a cyber criminal’s best friend.” It says that its App Review process, which is supposed to test apps before they are put on the App Store, has helped it build a “trusted ecosystem for millions of apps.” Even so, the company has had a hard time controlling scam apps on its platform. Some of these apps are said to be making millions of dollars.
To be fair, Facebook’s report shows that the problem is much worse on the Play Store. Out of the 402 malicious apps on its list, 355 were for Android and 47 were for iOS. The ones for Android were interesting because they covered a wide range of categories, such as games, VPNs, photo editors, and horoscope apps. On the other hand, every single one for iPhone had to do with managing business pages or ads. This didn’t mean that they weren’t suspicious, but it’s hard to figure out how “Very Business Manager” passed Apple’s App Review process.
The Verge asked Apple and Google for a comment, but neither company replied right away.
Meta’s post gives some good warning signs to look out for when it comes to apps that try to steal your login information. If the app doesn’t do what it says it does, locks all functionality behind a login, or has a lot of (possibly buried) negative reviews, it’s probably best to skip it and find a more trustworthy app.
Jessa Martin is the author of Nogmagazine, A professional in writing by day, and novelist by night, she received her bachelor of arts in film from Howard University and her master of arts in media studies from the New School. A Brooklyn native, she is a lover of naps, cookie dough, and beaches, currently residing in the borough she loves, most likely multitasking.