CanaryTrap: Detecting Data Misuse by Third-Party Apps on Online Social Networks

06/29/2020
by   Shehroze Farooqi, et al.
0

Online social networks support a vibrant ecosystem of third-party apps that get access to personal information of a large number of users. Despite several recent high-profile incidents, methods to systematically detect data misuse by third-party apps on online social networks are lacking. We propose CanaryTrap to detect misuse of data shared with third-party apps. CanaryTrap associates a honeytoken to a user account and then monitors its unrecognized use via different channels after sharing it with the third-party app. We design and implement CanaryTrap to investigate misuse of data shared with third-party apps on Facebook. Specifically, we share the email address associated with a Facebook account as a honeytoken by installing a third-party app. We then monitor the received emails and use Facebook's ad transparency tool to detect any unrecognized use of the shared honeytoken. Our deployment of CanaryTrap to monitor 1,024 Facebook apps has uncovered multiple cases of misuse of data shared with third-party apps on Facebook including ransomware, spam, and targeted advertising.

READ FULL TEXT

page 1

page 2

page 3

page 4

research
11/05/2021

Security and Privacy Perceptions of Third-Party Application Access for Google Accounts (Extended Version)

Online services like Google provide a variety of application programming...
research
06/12/2020

Building trust in digital policing: A scoping review of community policing apps

Perceptions of police trustworthiness are linked to citizens' willingnes...
research
07/05/2022

iLibScope: Reliable Third-Party Library Detection for iOS Mobile Apps

Vetting security impacts introduced by third-party libraries in iOS apps...
research
06/29/2016

How smart does your profile image look? Estimating intelligence from social network profile images

Profile images on social networks are users' opportunity to present them...
research
04/17/2020

Privacy-Preserving Script Sharing in GUI-based Programming-by-Demonstration Systems

An important concern in end user development (EUD) is accidentally embed...
research
06/26/2016

Enhancing Transparency and Control when Drawing Data-Driven Inferences about Individuals

Recent studies have shown that information disclosed on social network s...
research
07/13/2018

Dating with Scambots: Understanding the Ecosystem of Fraudulent Dating Applications

In this work, we are focusing on a new and yet uncovered way for malicio...

Please sign up or login with your details

Forgot password? Click here to reset