Meta said the apps it identified were listed in Apple’s App Store and the Google Play Store as games, photo editors, health and lifestyle services and other types of apps to trick people into downloading them. Often, the malicious app asks users to “sign in with Facebook” and then steals their username and password, according to the company.
“This is a highly adversarial space, and while our industry peers work to detect and remove malicious software, some of these apps evade detection and end up in legitimate app stores,” wrote David Agranovich, a director for threats at Meta, and Ryan Victory, a malware detection and discovery engineer.
Meta said it reported the apps to Apple and Google and the apps have since been removed. Google spokesman Edward Fernandez said in a statement that “the apps identified in the report are no longer available on Google Play.” An Apple representative responded but did not comment.
Meta has faced scrutiny over its privacy practices for years. In 2019, the Federal Trade Commission approved a roughly $5 billion settlement with Facebook after reports found that political consulting firm Cambridge Analytica improperly accessed the personal data of millions of Facebook users.