Facebook should learn a security lesson from Apple, Sophos poll confirms

October 19, 2010 Sophos Press Release

A Sophos poll of over 1000 people has revealed that more than 95% believe that Facebook should follow Apple's example and security-check all third-party apps running on the site.

Sophos's survey follows a summer of malicious apps causing havoc on Facebook, compromising hundreds of thousands of users' profiles and spreading virally across the network.

"Facebook is much more than a social networking website, it's a platform with over half a million active applications running upon it," explained Graham Cluley, senior technology consultant at Sophos. "Inevitably some of these applications are written with malicious intent - designed to steal information, spread virally, or spam unsuspecting Facebook users. Anyone can write a Facebook application, and it can be made available to the site's over 500+ million users without vetting. It's no wonder we see so many malicious attacks by rogue Facebook apps every day."

[Image: Facebook verify apps survey results, October 2010]

"Apple has successfully run a 'walled garden' on its iPhone App Store, meaning that only approved apps are allowed to be run on the iPhone, iPad and iPod Touch," continued Cluley. "Although some people may not appreciate the level of control that Apple has over what apps you can run on your device, it certainly has been instrumental in keeping malicious hackers and malware off the platform."

[Image: Rogue Facebook application attack]

Every day, Sophos sees new malicious apps on Facebook that are happily spreading on the social network, compromising users' profiles and stealing information. Clearly, Sophos's poll respondents feel it's time that Facebook put in place compulsory verification systems for third-party applications, to help prevent security threats.

More information about the threat posed by rogue Facebook applications can be found on Graham Cluley's blog.

Source: Sophos online survey, 1025 respondents, October 2010.