Facebook's new Developer Verification won't stop rogue apps

Facebook's new Developer Verification won't stop rogue apps

Summary: Facebook will now require that every developer to verify their Facebook account by providing a mobile phone number or adding a credit card to their account. Sadly, it won't help.

SHARE:

Looking to clamp down on the escalation of malicious apps on its popular social network, Facebook will now require that every developer to verify their Facebook account by providing a mobile phone number or adding a credit card to their account.

While this is clearly a step in the right direction, this won't stop rogue apps from wreaking havoc on the social network.

Here's the news from Facebook's Niket Biswas:follow Ryan Naraine on twitter

Starting this week, we are requiring every developer to verify his or her Facebook account to create new applications. This is the same quick process that users go through when they want to do things like upload large videos.

We're taking this step to preserve the integrity of Facebook Platform, ensuring that every application is associated with a valid and real Facebook account.

You can verify your account by either confirming your mobile phone number or adding a credit card to your account. Facebook will not charge your credit card if you add it to your account.

This will probably help to limit Facebook's problems with nuisance apps but the criminals behind for-profit malware apps will find a way around this roadblock easily.   For starters, they already have access to stolen credit card credentials and will use those without thinking twice.

The verified mobile phone number is always just a small deterrent but with easy access to disposable pre-paid cellphone accounts, there's an easy end-around here as well.

Instead of these minor roadblocks, Facebook needs to implement some sort of code signing or code inspection process for every app that's submitted to its platform.

Topics: Hardware, Banking, Mobility, Social Enterprise

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

19 comments
Log in or register to join the discussion
  • Require ISP email address,no free email address.

    Require ISP email address,no free email address. Second, no prepaid cell phones, and actually check to see if the phone number/credit card are actually good. And developers must be certified somehow too,How about services like malware/sntivirus companys to actually check the program before its released to the web. a waiting period?
    There are plenty of ways to make it extremely had for criminals,but right now its far too easy. Stop making excuses for not fixing the problems and just do the right thing.
    Stan57
    • RE: Facebook's new Developer Verification won't stop rogue apps

      @Stan57 And what does that fix? No reason to expect that bad guys don't own their own domains. So Facebook should trust badguy@cheapviagra.ru over everyman@gmail.com? And they're supposed to keep track of every free email service in existence? I don't think this helps at all.
      cgarrett
  • Facebook - still cant provide "Tagging Control" - stupid Facebook

    Stupid Facebook still can't provide us with "Tagging Control" something that ask for our permission when our Friends want to tag us in some photos or videos.... many people wanted this and yet Facebook never bother about it....
    jshewsbury@...
  • STOP CRITICIZING FACEBOOK

    If they protect their users from rogue apps they will become like Apple. Hmm... Maybe that IS a good idea....
    thofts
  • RE: Facebook's new Developer Verification won't stop rogue apps

    Let's see, throw away cell phones are $15 at Target. That will stop spammers dead in their tracks....
    papabear40
  • Developer Verification vs Member Education

    I concur that this is a good attempt at a stop-gap, but ultimately ineffective. Of course, FaceBook *has* to do something and then advertise loudly that they are doing so, but I suspect that this is all they're doing in this case.
    Internaut education is really the only answer INMnsHO, but it is also the most difficult solution to implement. I gave it an attempt here:

    http://my.opera.com/PMAco/blog/2010/05/14/facebooks-apps-danger-will-robinson

    Another side to this sword is getting the community to dig that they need to protect their cyberpersonnae very jealously, and that criminal actions today are going to haunt them long into the future. The classic "protect your family name" philosophy of our ancestors needs to find its way into the brave new world.

    Smiley
    smiley97111
  • RE: Facebook's new Developer Verification won't stop rogue apps

    @TunerGeek Agreed. People in glass houses etc.
    smb2009
  • RE: Facebook's new Developer Verification won't stop rogue apps

    You know, we could just have all facebook apps go through apple before they hit facebook...

    There'd be no flash, no widgets, and none of the other fun stuff kids love, but it'd be safe!

    (Actually, in retrospect, getting rid of all that crap might actually be nice. Perhaps they could deny farmville!)
    Taters05456
  • Funny, isn't it ...

    ... how we love the anonymity of the Internet until we are duped into screwing up our computers or giving away personal information to identity thieves.

    This will be another fruitless attempt to identify those who would maliciously attack others (for fun or profit).

    Until the global Internet community deals with the pitfalls of anonymity on the Internet and realizes that there needs to be a reliable way to determine the identity and the juridiction of those who break the law, this problem is only going to get worse.

    Of course, the law also needs to catch-up with the technology and recognize that malware attacks are just as much a threat to personal wellbeing as physical assaults.
    M Wagner
  • RE: Facebook's new Developer Verification won't stop rogue apps

    No one, even ours and other governments, is safe from hackers, so FaceBook wants you to give your credit card info, as if they are above hacking! FB may lose more members with this new effort to make things "safer" for the rest of us.
    101Singles
  • RE: Facebook's new Developer Verification won't stop rogue apps

    No one, even ours and/or other governments, is safe from hackers, so FaceBook wants you to give your credit card info, as if they are above hacking! FB may lose more members with this new effort to make things "safer" for the rest of us.
    101Singles
  • Code inspection?

    It can be extremely difficult to predict the behavior of code by inspecting it - I believe Alan Turing proved this. Code inspection is therefore not a practical approach.

    Facebook seem to need a way to run code in a 'sandbox'. Hmm, didn't Java address this problem 15 years ago?
    DavidByrden
  • Stop the SPAM

    It seems common for spam to appear at the beginning of many Talkback threads. Can something be done to block these obnoxious repeat offenders? For example, itkonlyyou97 was itkonlyyou96, itkonlyyou95, and so on. The domains in the three spams in this thread are in China and seemingly owned by the same individual. Clicking these web links may not be a good idea.
    hansa@...
  • RE: Facebook's new Developer Verification won't stop rogue apps

    @TunerGeek ROFL!
    pc_techs_ct@...
  • RE: Facebook's new Developer Verification won't stop rogue apps

    maybe they can have a better flagging system, that actually WORKS!
    touxiong
  • RE: Facebook's new Developer Verification won't stop rogue apps

    Code signing, a sign-up fee and a complex market submission process like iPhone or BlackBerry etc

    There's nothing new to solve here, just a lack of will.
    smb2009
  • RE: Facebook's new Developer Verification won't stop rogue apps

    Stan57 is right - the proportionate response is to insist on an ISP based email account. As you say, credit card details are already available to malicious app developers and it's too easy to get a pre-pay mobile SIM. But a code signing process is far too like Apple.
    martinrigby
  • RE: Facebook's new Developer Verification won't stop rogue apps

    Great !!! thanks for sharing this information to us!
    <a href="http://www.yuregininsesi.com">sesli sohbet</a> <a href="http://www.yuregininsesi.com">sesli chat</a>
    efsane
  • good idea about facebook

    A good post. Do you know tattoo? It is quite amazing. We supply kinds of tattoo kits, tattoo machines, tattoo needles, tattoo ink and so on. Please buy<a href="http://www.dealingway.com/Wholesale-rotary-tattoo-machines_c278">custom rotary tattoo machine</a>at wholesale price from us.6e4OB
    gavin.chan