Meta said the apps they identified were listed in Apple’s app store and Google Play Store as games, photo editors, health and lifestyle services and other types of apps to trick people into downloading them. Often the malicious app would ask users to “login with Facebook” and later steal their username and password, according to the company.
“This is a highly adversarial space and while our industry peers work to detect and remove malicious software, some of these apps evade detection and make it onto legitimate app stores,” wrote Meta’s Threat Disruption Director David Agranovich, and Malware Discovery and Detection Engineer Ryan Victory.
Meta said it reported the apps to Apple and Google and the apps had since been taken down. Google spokesperson Edward Fernandez said in a statement that the “apps identified in the report are no longer available on Google Play.” A representative for Apple responded but didn’t comment.
Meta has faced scrutiny over its privacy practices for years. In 2019, the Federal Trade Commission approved a roughly $5 billion settlement with Facebook after reports found the political consultancy Cambridge Analytica improperly accessed personal data of millions Facebook users.