I’ve written before about whether or not it is safe to log in to third-party sites or apps with your social media credentials. There I listed several pros and cons of using the OAuth technology to log in using a Facebook or Google credential.
This week’s security news showcases a different reason NOT to use your Facebook credentials on any third-party site. The third-party site may NOT actually be using the secure OAuth protocol to transmit your login to Facebook. They might instead be sending your passwords to their own server for nefarious purposes.
Now, on to this week’s security warning. Two Android game apps were pulled from the Google Play store because they were sending customer Facebook passwords to their own servers. Whether this was deliberately evil or just a case of bad programming is not known. If you ever downloaded either Cowboy Adventure or Jump Chess, it is important to change your Facebook password now. And delete both games from your Android device.
If you are not familiar with what an OAuth interaction looks like, it might be easy to be fooled. Here’s what a legitimate OAuth dialog looks like.
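In URL terms, a legitimate dialog is served from Facebook’s own site over HTTPS, so the password never goes to the app’s server. The check below is an added example, not part of the original post; the allowed hosts, the dialog path pattern, the function name and the sample URLs are assumptions constructed for illustration.

```javascript
// Added example: classify the URL of a page that asks for a Facebook password.
// ASSUMPTION: these hosts and the /dialog/oauth path describe Facebook's web
// login dialog; adjust both for other identity providers.
const FACEBOOK_LOGIN_HOSTS = new Set(["www.facebook.com", "m.facebook.com"]);
const OAUTH_DIALOG_PATH = /^\/(v\d+\.\d+\/)?dialog\/oauth\/?$/;

function checkFacebookOAuthUrl(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return { legitimate: false, problems: ["not a parseable URL"] };
  }
  const problems = [];
  if (url.protocol !== "https:") problems.push("not HTTPS");
  // Compare the whole hostname: a substring match on "facebook.com" is
  // satisfied by lookalike hosts that merely contain that text.
  if (!FACEBOOK_LOGIN_HOSTS.has(url.hostname)) {
    problems.push(`host is ${url.hostname}, not Facebook`);
  }
  // Text before "@" is userinfo, not the host, and is used to disguise URLs.
  if (url.username || url.password) problems.push("userinfo before the host");
  if (!OAUTH_DIALOG_PATH.test(url.pathname)) {
    problems.push("path is not the OAuth dialog");
  }
  // An OAuth request names the app and where the result is sent back.
  for (const param of ["client_id", "redirect_uri"]) {
    if (!url.searchParams.get(param)) problems.push(`missing ${param}`);
  }
  return { legitimate: problems.length === 0, problems };
}

// Constructed sample URLs (game.example and login.example are placeholders).
const QUERY = "?client_id=1234567890&redirect_uri=https%3A%2F%2Fgame.example%2Fcb";
const SAMPLES = {
  genuine: "https://www.facebook.com/v2.3/dialog/oauth" + QUERY,
  lookalikeHost: "https://www.facebook.com.login.example/dialog/oauth" + QUERY,
  userinfoTrick: "https://www.facebook.com@game.example/dialog/oauth" + QUERY,
  ownForm: "https://game.example/login?provider=facebook",
  plainHttp: "http://www.facebook.com/dialog/oauth" + QUERY,
};

for (const [name, sample] of Object.entries(SAMPLES)) {
  const result = checkFacebookOAuthUrl(sample);
  console.log(name, result.legitimate ? "OK" : result.problems.join("; "));
}
```

Inside a mobile app’s embedded web view the address is often hidden, so this is a check for someone reviewing the app’s traffic rather than something visible on screen.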