A viral app is able to hoover up all of people’s personal information and is able to sell it on to whoever it wants.
An app called Most Used Words on Facebook has been shared thousands of times but may be taking the information of those who use it. The quiz is just one of a huge number of Facebook apps that are luring people in with the offer of interesting information or quizzes.
The apps then request access to your information and Facebook page before they will give up what they are offering — and sell on the data that they are able to gather. The Most Used Words on Facebook app is most often seen when a user posts the word clouds that it generates. It pulls information from users’ statuses and finds the words that they have used most, assembling them into a picture that shows the most common ones largest. The app has been shared over 16 million times, according to Comparitech, which first reported the privacy issues. "That’s over 16 million people who agreed to give up almost every private detail about themselves to a company they likely know nothing about," the site wrote.
When a user clicks on a post, they will see a quick page offering the option to grant access to their profile so that the app can see what they have posted and analysed. But when the app requests access to your Facebook profile, it also requires that people allow it to hoover up private information from a users’ accounts.
The company said that it was requesting that information so that it didn't have to ask repeatedly when users clicked on different quizzes. But it told Comparitech that it would be altering that policy, adjusting the scope of each data request "the minimum requirement to produce each separate content". The app asks for permission to see everything a user has ever liked. It is also able to gather up information about the computer that is being used — including its IP address and what browser they are using, both of which can easily be used to steal further personal information.
The company behind the app, Vonvon, told Comparitech that despite being able to take a vast array of information, it does not gather it or store it on its services. Since it does "not store any personal information", it has "nothing to sell", the company's CEO Jonghwa Kim told Comparitech. Some of the information includes data about a person’s friends, which means that the company may have information about you even if it hasn’t used the app. That includes your entire friends list and all of the photos that you are tagged in.
The app’s terms of service state that all of the information that it takes will continue to be stored even if you shut your account with them, “for any reason whatsoever”. They also point out that the information can be stored “on any of our servers, at any location”, which means that it could be held in locations that have much fewer controls for how it is used. It isn’t clear what the site is doing with the information. But it makes clear that it can sell the information to anybody that it wants — without giving you any notification — and that simply using the app means that you have given your permission for them to do so.
Once it has sold that data on, it gives no protection for how it is used. The privacy policy “does not apply to the practices of entities Vonvon does not own or control, or to individuals whom Vonvon does not employ or manage, including any third parties to whom Vonvon may disclose Personal Information”, the terms read.
