The trust and complexity of the relationships between key apps, users, and our data are a challenge for individuals and businesses. A recent study examined 500,000 Facebook apps (bear in mind this is ONE platform and the apps are dedicated to it, so extrapolating to other platforms requires cautious assumptions) and found some interesting facts.
The study was done by Secure.me, which sells reputation services, so it should be taken with a grain of salt. Even so, the research shows there are enough considerations to impact most information security programs, compliance programs, and risk treatment plans.
A snippet of the findings includes:
- About six out of ten of the apps (63%) can post to the timeline (honestly, do you even know what others on the platform are seeing regarding your own data, timeline, posts, and associations?)
- More than two thirds of the apps (69%) know the stored email address
- Nearly every third app (30%) knows the account’s birthday
- 5 out of 100 apps (5%) access your photos and videos, going beyond the profile picture
- Every tenth app (10%) is informed about hobbies and interests
- 10% of the apps have access to your geo information including check-ins, hometown or current city
- 1 out of 5 apps (21%) can access personal data of your “friends” including friends’ birthdays, education and work history
Check out their post here for the details.
The action here for businesses is to review their social media strategy as it is integrated within the enterprise security & risk programs and the privacy elements of the business. Note that the social media considerations listed above are partial inputs into this broader program that considers such risks. It would be nice to have dedicated teams for each type of program (social media, cloud, etc.), but in most mature organizations the framework and practices already exist and simply should be augmented. This study is a nice input, providing awareness of singular risks.
I have been doing research on this very problem within the smartphone app space, to identify similar trust threats and privacy concerns. Much to be done… if others know of existing research, kindly share!
James DeLuccia IV