Two third-party software development kits integrated by over hundreds of thousands of Android apps have been caught holding unauthorized access to users’ data associated with their connected social media accounts.
In a blog post published yesterday, Twitter revealed that an SDK developed by OneAudience contains a privacy-violating component which may have passed some of its users’ personal data to the OneAudience servers.
Following Twitter’s disclosure, Facebook today released a statement revealing that an SDK from another company, Mobiburn, is also under investigation for a similar malicious activity that might have exposed its users connected with certain Android apps to data collection firms.
Both OneAudience and Mobiburn are data monetization services that pay developers to integrate their SDKs into the apps, which then collect users’ behavioral data and then use it with advertisers for targeted marketing.
In general, third-party software development kits used for advertisement purposes are not supposed to have access to your personally identifiable information, account password, or secret access tokens generated during ‘Login with Facebook’ or ‘Login with Twitter’…