Facebook disables some legitimate apps while targeting malicious ones
The use of tools to detect malicious patterns in apps led Facebook to temporarily disable some legitimate third-party apps that integrate with the social networking website, the company said Thursday.
Earlier in the week, a number of people complained that their Facebook developer accounts and apps were unavailable.
Facebook said it uses automated systems to identify and disable malicious apps, so as to protect its platform and users. These techniques identify a malicious pattern, find the apps that match that pattern, and then disable those apps.
“This normally results in thousands of malicious apps being disabled and improves our automated systems’ ability to detect similar attacks in the future,” Facebook employee Eugene Zarakhovsky wrote in a blog post.
But on Tuesday, Facebook started with a broad pattern that correctly matched many thousands of malicious apps but also matched many high-quality apps.
“When we detected this error, we immediately stopped the process and began work to restore access,” Zarakhovsky wrote. “The process took longer than expected because of the number of apps affected and bugs related to the restoration of app metadata.”
Facebook did not say how many legitimate apps were affected.
The company now plans to make improvements to its processes and technology, including better tools to identify overly broad patterns and better processes to verify that all the apps matched are in fact malicious. It will also address the bugs and bottlenecks that slowed down the recovery process.
Facebook has been unveiling tools to get developers to integrate their apps with its platform. In April it announced plans to acquire Parse, a cloud-based platform that provides cross-platform services and tools for developers. “By making Parse a part of Facebook Platform, we want to enable developers to rapidly build apps that span mobile platforms and devices,” it said at the time.