Update: The names of the apps are now known. Apple has removed them from the App Store, but the apps also need to be removed from devices – see the list added to the end of the piece.
Meta has issued a Facebook security warning to around one million users that their login credentials may have been stolen by scam apps. While most of the apps were Android ones, 47 of them were iOS apps found in Apple’s App Store …
Many apps and websites offer third-party login options, with the most common ones being:
- Login with Facebook
- Login with Google
- Login with Apple
The intention behind these login methods is to make it quicker and easier to start using an app, by skipping the need to register an account. However, a bad actor can also use this approach to steal your credentials.
Engadget reports that this is what a whole bunch of scam apps have done with the “Login with Facebook” option.
Meta is warning 1 million Facebook users that their account information may have been compromised by third-party apps from Apple or Google’s stores. In a new report, the company’s security researchers say that in the last year they’ve identified more than 400 scammy apps designed to hijack users’ Facebook account credentials.
According to the company, the apps are disguised as “fun or useful” services, like photo editors, camera apps, VPN services, horoscope apps, and fitness tracking tools. The apps often require users to “Log In with Facebook” before they can access the promised features. But these login features are merely a means of stealing Facebook users’ account info. And Meta’s Director of Threat Disruption, David Agranovich, noted that many of the apps Meta identified were barely functional.
Facebook security warning
If you have used one of the known scam apps, Meta will push a message to you in the Facebook app:
A security notice from Meta
You may have logged into Facebook from a malicious app designed to steal your
Facebook account information.To protect your information we recommend you secure your account immediately.
The site says that the iOS apps identified mostly appeared to be targeting business users, with names like Meta Business, FB Analytic, and so on.
Meta has provided the full list of apps to both Apple and Google, so that they can be removed from their respective app stores.
Apple of course argues that its app review process keeps users safe from scams, and this is why it shouldn’t be obliged by antitrust concerns to allow third-party app stores or sideloading of iOS apps.
This latest revelation could be said to provide ammunition to both sides of the debate. On the one hand, dozens of scam apps made it through app review despite the fact that (a) they were stealing credentials and (b) scarcely worked. On the other, there were far fewer of these apps in the App Store than in Google’s Play Store.
Full list of affected iPS apps
If you have installed any of these apps, you should remove the app and then change your Facebook password.
| iOS App ID | App Name |
| 1555651942 | FB Advertising Optimization |
| 1561642325 | Business ADS Manager |
| 1563142182 | Ads Analytics |
| 1564091908 | FB Adverts Optimization |
| 1566705026 | FB Analytic |
| 1566706023 | FB Adverts Community |
| 1574530186 | Adverts Ai Optimize |
| 1587056055 | Very Business Manager |
| 1591775710 | FB Business Support |
| 1593368297 | Fb Ads |
| 1596775769 | Meta Optimizer |
| 1597553589 | Business Manager Pages |
| 1598946098 | Adverts Manager |
| 1600072709 | Meta Adverts Manager |
| 1600404846 | Ad Optimization Meta |
| 1601275530 | FB Pages Manager |
| 1602637866 | Business Ads |
| 1603255418 | Meta Business |
| 1603571287 | Business Suite Manager |
| 1604086670 | FB Ads Cost |
| 1607057895 | Adverts Bussiness Suite |
| 1608743187 | Business Ads Clock |
| 1609915932 | Ads & Pages |
| 1610859814 | Business Suite |
| 1610944161 | Business & Ads |
| 1612196202 | Business Manager Overview |
| 1613983385 | Business Suite Ads |
| 1619733733 | Page Suite Manager |
| 1622402517 | Business Meta Support |
| 1623362126 | Pages Manager Suite |
| 1625368035 | Business Meta Pages |
| 1626632781 | Business Suite Ads |
| 1626692617 | Ads Business Knowledge |
| 1629919774 | Page Suite Managers |
| 1631778308 | Pages Managers Suite |
| 1632069527 | Ads Business Advance |
| 1632606219 | Pages Manager Suite |
| 1633012933 | Business Suite Optimize |
| 1633016482 | Business Manager Suite |
| 1633078757 | Business Suite Managers |
| 1633828994 | Ads Business Manager |
| 1635045234 | Ads Business Suite |
| 1635301567 | Business Manager Pages |
| 1635555183 | Business Adverts Manager |
| 1636196931 | Ads Manager Suite |
| 1636825108 | Business Manager Pages |
| 1639572841 | Ads & Business Suite |
Photo: Dawid Sokołowski/Unsplash
FTC: We use income earning auto affiliate links. More.
