On August 27, 2020, Facebook announced it is taking up legal action against multiple U.S. and, for the first time, U.K. developers for violation of its policies.
Both Facebook Ireland and Facebook Inc in the U.K. are suing MobiBurn, parent company OakSmart Technologies and its founder Fatih Haltas, in the High Court of Justice, for failure to comply with the audit requests received from Facebook. This action came after security researchers found out the company’s technology is collecting data from Facebook users through the use of malicious software.
In the U.S. Facebook Inc. and Instagram Inc. are also taking up a separate trial against Nikolay Holper in the San Francisco Federal Court for operating a fake engagement service.
Facebook does not want any more pressure on its shoulders
Following the infamous Cambridge Analytica scandal, which compromised the personal data of 87 million Facebook users, the company has been ruthless in taking down malicious developers who violate their policies. Facebook had started introducing more layers of protection regarding the way developers can access and use data and has not restrained from disciplinary actions when breaches were discovered.
This year, Facebook has also made public new Developer Policies and Platform Terms, which include new methods Facebook can use to ensure compliance. These methods include permission for Facebook to audit third-party apps, even by requesting access to developers’ systems if needed.
Facebook takes legal actions against U.K. developers for the first time
In 2019, rumors about MobiBurn’s activity started circulating in security research circles. Later that year, in November, both Facebook and Twitter made an announcement stating the personal data of many users that used their social media accounts to log into some third-party apps may have been improperly accessed. These apps had malicious SDK (Software Development Kit) installed by MobiBurn and One Audience. Facebook went on to issue a cease and desist letters to both companies.
Facebook went on to take enforcement action, and MobiBurn was requested to comply with an audit from Facebook, which was investigating the company’s use of a malicious SDK to collect user data. But when they received the cease and desist letter, they responded, claiming they were not collecting, monetizing or sharing personal data from Facebook.
According to Facebook’s lawsuit, MobiBurn paid third-party app developers to install the SDK they created into their apps so that the company could collect information from devices and request data from Facebook. This includes a person’s name, email address, gender and time zone.
In the U.S., fake engagement services caught Facebook’s attention
Developer Nikolay Holper is the one Facebook is taking legal action against, for operating fake engagement services. Hope allegedly used automation software and bots to “distribute fake likes, comments, views and followers on Instagram.”. He used several websites to sell services to Instagram users.
This is not the only time Facebook went after fake engagement services. In 2019, another U.S. lawsuit was filed, this time against a follower-buying service based in New Zealand.