Facebook slammed a federal lawsuit in a California Court against OneAudience. OneAudience, a New Jersey-based data analytics firm is allegedly secretly harvesting users’ data. Facebook alleged that the company sold “malicious” software to app developers which would gather sensitive information from app downloaders’ Twitter, Facebook and Google account without the knowledge of these companies. According to the lawsuit, OneAudience paid the developers to install the malware and secretly pulled out information from Facebook and other social media companies. The malware was named Software Development Kit (SDK).
“After a user installed one of these apps on their device, the malicious SDK enabled OneAudience to collect information about the user from their device and their Facebook, Google, or Twitter accounts, in instances where the user logged into the app using those accounts,” read the lawsuit that Facebook has filed. It also stated that these apps were distributed to app users on various app stores, like the Google Play Store, and included shopping, gaming, and utility-type apps
As part of Facebook’s data abuse bounty program, security researchers first noticed OneAudience’s behaviour last year. Following that Facebook asked for an audit for the company’s data-collecting behaviour. OneAudience did not cooperate and refused to comply. Soon after, OneAudience shut down its software and stated that the sensitive data was never intended to be collected and was never used for any purpose. At that time, OneAudience put out a statement that said consumers should have a choice on who they want to share their data with and what context.
Facebook and other affected companies took measures against OneAudience. Facebook’s measure included disabling apps, sending companies
In the recent past, Facebook has sued several third-party firms for gathering user’s data including NSO Group, an Israeli surveillance firm that sold Pegasus (malicious software) to governments.