Facebook sues SDK maker for secretly harvesting user data
Yesterday, Facebook filed a lawsuit against a data analytics firm, OneAudience, in a California court. Facebook alleges in the lawsuit that OneAudience paid developers to install its SDK in their apps, and later used the control it had over the SDK code to harvest Facebook users’ data. The court documents claim that the SDK was embedded in shopping, gaming, and utility apps which were available through the official Google Play Store. Facebook claims that the SDK was malicious and enabled OneAudience, which is based in New Jersey, to collect information about user devices through platforms like Twitter, Facebook, and Google.
OneAudience allegedly used the malicious SDK code without authorization from Facebook and the other platforms to access and obtain information such as a user’s name, email address, location of login, time zone, Facebook ID, and in from instances, gender. Twitter originally exposed the incident in November of last year, while Facebook confirmed that they were victims of the malicious SDK on the same day. However, today’s lawsuit was announced as Facebook has finished its investigation into the matter. Facebook reported that they learned of the behavior of the SDK through the Data Abuse Bounty program, which was launched by Facebook in 2018.