Here we go again – Chrome extension developers scraping user data. Maybe we ought to make this a weekly series. We’ve spoken at length about this and I always try to do my best to bring these things to your attention. Over the past month, we’ve had a very popular extension, along with 15 Facebook and Instagram extensions that we know of taking advantage of their users. Now, Facebook themselves have brought four more to light for doing the very same thing, and they’re even taking legal action against two of them.
If you have any of the following four extensions added to your Chrome browser, you need to remove them immediately! As you can see, they’re all Facebook and Instagram oriented once again – it seems to be the easiest kind of extension to manipulate. I wouldn’t know, it just looks that way. Honestly, you should only install extensions from sources that are well-known and that you trust. Even then, there’s always the chance that one of the good ones turns bad too.
- Blue Messenger (A notification alert app for Facebook Messages)
- Emoji Keyboard (A shortcut keyboard app)
- Green Messenger (A WhatsApp Messenger)
- Web for Instagram Plus DM (Tools for users to DM others on Instagram)
Two of the unnamed developers who presumed an identity under the business name Oink and Stuff (developers of Green and Blue Messenger) embedded hidden code that functioned like Spyware. Facebook itself has revealed this information to the public in a post recently.
“Oink and Stuff “misled users into installing the extensions with a privacy policy that claimed they did not collect personal information.”
Jessica Romero, Director of Platform Enforcement and Litigation at Facebook
The company said on its own website that it had over a million users, but it may just be falsified data. The name itself for the company kind of looks and feels like a sort of “shell company” for lack of a better term, just and only created for the purpose of performing malicious acts under the pretense of legitimacy. The other aforementioned extensions were guilty of similar things – all promising that they did not store or utilize user information in malicious ways, only to do so freely.
more from Chrome Unboxed
As of writing this, all four of them seem to have been removed from the Chrome Web Store, so far as we could investigate, but Oink and Stuff remain operational as a developer on the Google Play Store where they offer 10 separate apps. Many of these resemble the extensions that have been called out and one is literally the app version of Blue Messenger, so we recommend avoiding this developer entirely.
