Is Facebook‘s “Most used words” quiz a privacy thief?
The “Most used words” app became a Facebook hit within days of its launch. At the moment of writing this article, it has been used by nearly 18 million users globally. There are many controversies about user privacy in relation to data that is collected by the app.
Earlier this week, the British company Comparitech published a blog post about the privacy nightmare caused by this innocent-looking Facebook app. “Most used words” is presented as a simple, playful quiz in which Facebook scans through and analyzes users‘ posts in order to generate a collection of words they use most frequently on Facebook. Sounds like fun, right? Before you try it yourself, take a closer look at this data-hungry wolf in sheep’s clothing – after some analysis of the app, it has turned out to be a privacy thief. When using the app, users give away following details:
First, the app asks for a couple basic pieces of information:
2. Everything you’ve ever posted on your timeline
But then, it asks users to agree to give away the following personal details:
3. Profile picture, age, sex, birthday,and other public info
4. Entire friend list
5. All of the photos and photos you’re tagged in
6. Education history
7. Hometown and current city
8. Everything you’ve ever liked
9. IP address
10. Information about the device you’re using, including browser and language
Let’s face it -- our concept of the privacy has unarguably changed in the age of the Internet and social media. In the digital world, we leave our fingerprints on a daily basis while browsing, shopping, playing, and chatting on multiple devices. Regardless of our online activities, there should be limits as to how companies collect, store and process our personal data. In this case, the owner of the app, South Korean company vovon.me, can be accused of a serious breach of user privacy.
What do you give away when installing “Most used words”?
According to Vonvon’s official terms and conditions, you agree to your personal information being used in the following ways:
1. Used after the termination of your membership to the website and/or use of Vonvon’s services, for any reason whatsoever. (This basically means that you already gave away your data if you used the app.)
2. Stored on any of Vonvon’s servers at any location, including the countries that have little to no legal regulations regarding data privacy.
How to protect yourself?
We have good and bad news for you. The bad one is that if you have already installed any of Vonvon’s apps, it’s unfortunately no longer possible to protect your privacy. (See point 1 in the paragraph above.)
If you haven’t used it yet, let this be a lesson to you. The same lack of privacy concerns can also be seen in other permission-hungry apps – this is why a weather forecast app would like to have access to your pictures and a cooking app requests your IP address.
We also advise you to review the current list of apps that you have already installed on Facebook, determine if you use them on a regular basis and pinpoint what kind of data the apps are requesting from you. You can do this by doing the following:
1. Select Settings in the top right of Facebook
2. Click Apps in the left menu
3. Hover over an app or game and click to edit its settings
If you are an Avast user, log in into your Avast account and go to Social Media Security > Apps -- we will guide you how to analyze each of your apps‘ security.
You might be surprised how many apps you have installed throughout the years, so don’t forget to make an audit of your apps on a regular basis.
Johns Hopkins University cryptographers used publicly available documentation from Apple and Google and discovered that if you have the right tools, Android and iOS encryption may not be as robust as you think.
After a FaceTime bug was uncovered in 2019, Google researchers have discovered the same bug in other group chat apps including Signal, JioChat, Mocha, Google Duo, and Facebook Messenger.