Everybody seems to be talking about the BBC’s Click expose of potentially malicious Facebook applications.
The Facebook rebuttal is unfortunately doused in “safety first” legalese and is rather too formal to put ordinary users’ minds at rest, so as an app developer, here’s my own:
The programmes main criticisms are:
- that the platform owner (facebook) does not deal with spyware properly. It has no filtering method to stop bad apps getting in.
- that it only takes your friend to add a malicious app for your own private data to be compromised
To answer 1. The whole point of a platform is that it is free and open for people to write applications – some of which will inevitably be nasty. It’s a fallen world after all.
If Facebook had a filtering method that reviewed every application that was published (there are over 140 a day) then it would no longer be a platform but instead be a walled garden. Interestingly this is the very thing the BBC criticised Facebook for being (Tear down the walled garden) last August….
Point 2 is more of a fundamental issue – let’s take an example: when I add an application such as the BBC’s own The Apprentice Board (which I wrote) the application gives the user access to all their friend details so they can then invite them to play the game. Without the friend’s details the game would become too dull for words, so for the app to succeed the friend details are an essential part.
The problem comes in that if the application developer is not a reliable brand like the BBC but a malicious developer and they choose to break Facebook’s Terms of Service and steal that friend data elsewhere: a type of spyware.
However, while possible in theory (as the programme points out) – there are some business reasons why this would be difficult to do in practice:
- The app would have to be small enough to avoid Facebook’s radar – to be small is to only ever access a limited and random worldwide group of people. For any software to be profitable it needs thousands of users to justify its cost of development, for data to be valuable and usable it needs focus. Small is not a profitable option.
- The app would daily run the gauntlet on Facebook’s fraud detection systems – every call to the Facebook system is logged and processed for fraud. Facebook apps can be shut down instantly across thousands and even millions of users. This is a web platform where Facebook have all the power. All developers know that they have to stay on the right side of Facebook to keep releasing apps.
- The app would still need to be good enough to grow big – all app developers are competing like mad to create viral and fun apps that grow to thousands and millions of users. The nasty spyware companies would have to compete with the world’s best brands and digital agencies to create effective apps.
If successful they might find themselves in a position much like Woody Allen’s Small Time Crooks where the rewards of the “front” business were better than the ill gotten gains to be had!
In the film the crooks try to tunnel into a bank next door. To “front” the operation, one of the wives sells cookies upstairs. Eventually it is her cookie business that makes astonishing money rather than the tunnel to the bank vault!
In the same way a successful app has more to gain from selling ads to its user base than stealing their private information which is of such variable quality.
So it’s not quite as clear cut a danger as the guys at Click would have you believe.
To me this article is just part of the larger “web 2 platform wars” that BBC news, as a top ten world web site, is a player in – not an unbiased outsider. Whether MySpace, BBC or Facebook will be our primary platform for social interaction about the world outside our window remains to be seen.
What we can expect is more bad mouthing between the platforms and we mustn’t expect the traditional media channels to stay on the sidelines.