If a flashlight app asks for your Facebook login before it can function, it might be used to steal your data, Meta said, as it flagged 400 iOS and Android apps that dupe smartphone users into giving away sensitive information.
Meta said it informed Google and Apple about the potential security breach and advised the public to be more careful when downloading apps. The biggest red flag is an app requiring users to log in with Facebook at the startup screen when it can work without social media integration.
Meta said the culprits are:
- Photo editors, including those that claim to allow you to “turn yourself into a cartoon”
- VPNs claiming to boost browsing speed or grant access to blocked content or websites
- Phone utilities such as flashlight apps that claim to brighten your phone’s flashlight
- Mobile games falsely promising high-quality 3D graphics
- Health and lifestyle apps such as horoscopes and fitness trackers
- Business or ad management apps claiming to provide hidden or unauthorized features not found in official apps by tech platforms.
The following apps were found to be stealing data, according to a Meta Newsroom post:
PHOTO BY META NEWSROOM
How apps are used to steal your data on Meta
Malware developers often hide behind utilities and "fun" apps like ones that cartoonize users, Meta said. They also publish fake reviews on the App Store and Google Play Store.
Once the user agrees to log into Facebook when they open the app, the software steals the login information, which can be used for nefarious ends. Imagine how a person with your Facebook credentials can easily log into Messenger and chat with your friends.
How to stay clear of apps that steal data
Remember the biggest red flag -- why would a utility or fun app ask for your Facebook login when it can function without it? It would make sense for popular fitness apps like Strava, which build running communities. But for a flashlight?
Meta also advised checking the developer of the app and its reputation and reviews. Most importantly, check if the app is functioning as advertised.
What to do if you have a shady app on your phone
The first thing you need to do is reset your password, Meta said. Turn on two-factor authentication if you haven't. If your OTPs are unreliable, you can link Facebook to Google Authenticator.
Lastly, turn on login alerts so you'll know when someone is using your account.