SDKs Misused to Scrape Twitter, Facebook Account Info
Twitter and Facebook warn users that software development kits (SDKs) owned by oneAudience and MobiBurn can be embedded within an app and used to extract personal information. The two SDK companies create kits that can be used by app developers to create malicious apps that request access to Twitter or Facebook accounts. Data is harvested after the request is approved, and the developer can scrape information such as user email address, username, and gender.
Twitter stated that it has evidence that the SDKs were used to access data for some Twitter users logged in on an Android device, but there is no evidence of a similar iOS version. After the Cambridge Analytica scandal, both social media companies updated their privacy regulations to prohibit third parties from accessing profile information for data monetization purposes. MobiBurn announced that it has since discontinued its SDK and stated that it does not collect or monetize Facebook user data.