Facebook Inc., has announced that it has filed a federal lawsuit in a court in California against New Jersey-based data analytics company OneAudience that allegedly paid third-party app developers to install a malicious Software Development Kit (SDK) in their apps. These apps were later installed by several users whose data was later collected by the firm. Facebook Inc hasn’t mentioned what data was collected by OneAudience.
‘Security researchers first flagged OneAudience’s behaviour to us as part of our data abuse bounty program. Facebook, and other affected companies, then took enforcement measures against OneAudience,’ Facebook said in a statement. Facebook said it disabled the malicious third-party apps, sent a cease and desist letter to OneAudience, and requested their participation in an audit. OneAudience declined to cooperate, the Menlo Park-based company noted.
The news of the exposure first came out in November when Facebook and Twitter announced that the data of users was exposed after their accounts were used for logging into Google Play Store apps. Along with OneAudience, another company Mobiburn was also accused of accessing people’s personal information, including usernames, email addresses and tweets. Mobinburn refused the allegations saying that it does not collect, share or monetise data from Facebook.
Facebook was itself mired in controversy in which it was revealed that now defunct British political consulting firm Cambridge Analytica harvested the personal data of millions of Facebook users without their consent and used it for political advertising purposes. Since then, the Mark Zucklerberg-led company has been engaged in various efforts to protect people and increase accountability of those who abuse the technology.