Facebook is paying cash rewards if you find vulnerabilities in third-party apps

The recent Cambridge Analytica scandal rocked Facebook, prompting the company to examine more closely where its masses of user data end up and how that data is utilized.

As part of those efforts, the social networking giant this week announced it’s expanding its bug bounty program to include third-party apps and websites that let people use their Facebook accounts to log in.

The company says it’s focusing on the access tokens that are uniquely generated for the specific user and app during login.

“The user decides what information the token and app can access as well as what actions can be taken … [but] a token can potentially be misused,” Dan Gurfinkel, Facebook security engineering manager, explained in a post announcing the expanded program.

Gurfinkel said it will pay at least $500 to anyone who spots vulnerabilities that involve “improper exposure of Facebook user access tokens.” The more serious the issue, the greater the amount Facebook will pay, though it makes no mention of a cap.

He added that Facebook is using the program in an effort to create a clear channel for people to report any issues they come across, “and we want to do our part to protect people’s information, even if the source of a bug is not in our direct control.”

Once an issue has been confirmed by Facebook’s own researchers, it will contact the app or website developer to help them fix their code, and they’ll be suspended from the platform until the issue has been resolved.

“We will also automatically revoke access tokens that could have been compromised to prevent potential misuse, and alert those we believe to be affected,” Gurfinkel said.

The security engineering manager pointed out that Facebook will only accept reports “if the bug is discovered by passively viewing the data sent to or from your device while using the vulnerable app or website.” In other words, researchers are not allowed to “manipulate any request sent to the app or website from your device, or otherwise interfere with the ordinary functioning of the app or website in connection with submitting your report.”

If a flaw is reported by two people working independently of each other, the payment goes to the person who submits the report first. And if the researcher is feeling generous and would like to donate the bounty to charity, Facebook will double the value of the donation.

The expansion of its bug bounty program comes four months after Facebook launched the Data Abuse Bounty Program, another consequence of the damaging Cambridge Analytica scandal, in which a third-party app helped to harvest the data of up to 87 million Facebook users for political gain. The scandal led to big questions over the way the social networking company handled user data.

The Data Abuse Bounty Program rewards users who discover and report any app or service connected to Facebook that misuses data, specifically where “a Facebook platform app collects and transfers people’s data to another party to be sold, stolen, or used for scams or political influence,” the company said.

Facebook described its Data Abuse Bounty Program as an industry first.

