Facebook sues OneAudience accusing stealing of users’ data through third-party apps

Yesterday, 27th Feb 2020, Facebook filed a federal lawsuit in California against OneAudience. In the lawsuit Facebook accused OneAudience to steal users’ data through third-party apps, OneAudience is a marketing company.

Facebook claims that the company’s paid app developers exploit the “login with Facebook” feature to improperly gain access to personal data without users’ permission. OneAudience paid third-party developers to install a malicious software development kit (SDK) in their apps that let them collect users’ data without their knowledge.

According to a ZDNet report, the SDK was embedded in shopping, gaming, and utility-type apps, some of which were made available through the official Google Play Store. The complaint has mentioned that "After a user installed one of these apps on their device, the malicious SDK enabled OneAudience to collect information about the user from their device and their Facebook, Google, or Twitter accounts, in instances where the user logged into the app using those accounts.”

Facebook commented on the issue - "With respect to Facebook, OneAudience used the malicious SDK – without authorization from Facebook – to access and obtain a user's name, email address, locale (i.e. the country that the user logged in from), time zone, Facebook ID, and, in limited instances, gender."

The news of the exposure came in the month of November 2019, when Facebook and Twitter verified the findings of independent security researchers.