Security News > 2020 > March > Facebook sues data analytics firm OneAudience over malicious SDK
Facebook is suing the data analytics firm OneAudience for allegedly developing a malicious, social-media-profile-grabbing software development kit and then paying app developers to embed it in their apps.
According to the complaint, OneAudience's malicious SDK swiped the data that Facebook users had agreed to share with the app - data that may have included their name, email address, the country where they logged in from, time zone, Facebook ID, and, sometimes, gender.
The SDK funneled the data back to the New Jersey data analytics outfit, Facebook said, all without the company's permission, and in violation of Federal and California law, its policies, and its terms of service - including those pertaining to use of its Facebook Login feature.
OneAudience did not obtain data through any partnerships with Facebook and instead obtained data through the malicious SDK. The complaint includes exhibits of the marketing puffery that OneAudience used to assure customers that its collection and marketing of all that data was kosher.
In December 2019, Facebook sued ILikeAd for allegedly inflicting a malicious extension on victims' browsers to steal their Facebook logins, take over their ad accounts, run bad ads, and then use the victims' own payment information to pay for the ads.