Social media giant Facebook snooped on Snapchat users’ network traffic, engaged in anticompetitive behavior and exploited user data through deceptive practices. That’s according to a court document filed March 23, 2024.
The document mentions Facebook’s so-called In-App Action Panel (IAAP) program, which existed between June 2016 and approximately May 2019. The IAAP program used an adversary-in-the-middle method to intercept and decrypt Snapchat’s, and later YouTube’s and Amazon’s, SSL-protected analytics traffic to provide information for Facebook’s competitive decision making. Secure Sockets Layer (SSL) is a standard security technology for establishing an encrypted link between a server and a client.
On June 9, 2016, Facebook CEO Mark Zuckerberg complained about the lack of analytics about competitor Snapchat.
“Whenever someone asks a question about Snapchat, the answer is usually that because their traffic is encrypted we have no analytics about them. . . .
Given how quickly they’re growing, it seems important to figure out a new way to get reliable analytics about them. Perhaps we need to do panels or write custom software. You should figure out how to do this.”
So, as part of the IAAP program, the company started Project Ghostbusters by using Onavo. Onavo was a VPN-like research tool that Facebook acquired in 2013. In 2019, Facebook shut down Onavo after a TechCrunch investigation revealed that Facebook had been secretly paying teenagers to use Onavo so the company could access all of their web activity.
The Project Ghostbusters technique relied on technology known as a server-side SSL bump performed on Facebook’s Onavo servers. SSL bumping, also known as SSL interception, involves intercepting and decrypting SSL/TLS traffic, inspecting it for malicious content or policy violations, and then re-encrypting and forwarding it to the intended destination.
To gain access to the data about their competitor, Facebook incentivized users to install “kits” on both Android and iOS devices that impersonated official servers and decrypted traffic that Facebook had no right to access.
These kits allowed Facebook to intercept traffic for specific sub-domains, allowing them to read what would otherwise be encrypted traffic and to measure in-app usage of their competitor’s apps. Users were unaware of exactly what the kits did, but the kits allowed the operators to view and analyze the traffic before it was encrypted.
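Certificate pinning is the usual client-side defence against the interception described above: a bumping proxy has to present a certificate carrying its own key, so the hash of its SubjectPublicKeyInfo cannot match the pin an app ships with. The following Python sketch is an added example, not code from the court filing or from this article; it computes an RFC 7469-style pin from DER bytes, and the hostname, CA names and key bytes are constructed DER skeletons rather than real certificates.

```python
import base64
import hashlib

def read_tlv(buf, off):
    """Return (tag, value_start, value_end) of the DER element at buf[off]."""
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    if off + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, off, off + length

def spki_pin(cert_der):
    """base64(SHA-256(SubjectPublicKeyInfo)), the pin format of RFC 7469."""
    _, start, _ = read_tlv(cert_der, 0)       # Certificate ::= SEQUENCE
    _, off, end = read_tlv(cert_der, start)   # tbsCertificate ::= SEQUENCE
    fields = []
    while off < end:
        tag, _, nxt = read_tlv(cert_der, off)
        fields.append((tag, off, nxt))
        off = nxt
    if fields and fields[0][0] == 0xA0:       # skip optional [0] version
        fields = fields[1:]
    if len(fields) < 6:
        raise ValueError("not an X.509 tbsCertificate")
    _, s, e = fields[5]  # serial, sigAlg, issuer, validity, subject, SPKI
    return base64.b64encode(hashlib.sha256(cert_der[s:e]).digest()).decode()

def is_intercepted(cert_der, pinned):
    """True when the presented leaf key is not one the app pinned."""
    return spki_pin(cert_der) not in pinned

# --- constructed sample input: DER skeletons, not real certificates ---
def tlv(tag, body):
    n = len(body)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def sample_cert(issuer, key):
    name = lambda cn: tlv(0x30, tlv(0x0C, cn))  # simplified Name
    tbs = (tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30, b"")
           + name(issuer) + tlv(0x30, b"") + name(b"app.example")
           + tlv(0x30, tlv(0x03, b"\x00" + key)))
    return tlv(0x30, tlv(0x30, tbs) + tlv(0x30, b"") + tlv(0x03, b"\x00"))

if __name__ == "__main__":
    pins = {spki_pin(sample_cert(b"Public CA", b"\x11" * 200))}
    print(is_intercepted(sample_cert(b"Interception CA", b"\x22" * 200), pins))
```

For a live connection, the DER bytes can be taken from `ssl.SSLSocket.getpeercert(binary_form=True)` and passed to `spki_pin` unchanged.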
According to the court documents, advertisers suing Meta claim that Facebook later expanded the program to Amazon and YouTube. This practice is likely in violation of wiretapping laws and “potentially criminal.” Facebook’s secret program likely violated the Wiretap Act, because it prohibits intentionally intercepting electronic communications with no applicable exception and the use of such intercepted communications.
We’ll keep you updated on how this develops.