Online security: Restrict app permissions, be safe
Quick login to websites using social media accounts is good, but can be risky at times.
Last week, there were a host of Twitter accounts that were compromised and Nazi-based swastika symbols were being posted on the accounts. The soft hack was probably in support of Turkey’s president ahead of a referendum in April. However, this is a good learning experience for all netizens, especially those who use social media accounts as a medium for a quick signup on various websites.
Well, yes — signing into unknown websites and apps on your smartphone by using social media accounts could cause harm, even compromise your accounts for good. In order to be safe, you should avoid doing so, or at least make sure the service or website, you’re giving access to your social accounts, are genuine.
If you have ever logged into any smartphone app or a website service by using your social media accounts from Google, Facebook or Twitter, instead of going through the painstaking procedures of signing up with various details needed, there is a good chance that you must have opened up a small backdoor to your social media platform to a potential hacker. The feature of associating your social accounts for a hassle-free sign-in are usually safe as the social accounts will not allow the hacker or the app/service to change the passwords or access your accounts. However, if you have given access accidentally, or aren’t sure about the service, it’s better that you revoke the access before you have issues later.
Though the apps are authorised with a generated token, they never actually give out the real username or password to the website/app/service you are using it for logging in. In the case of the recent hack, it is alleged that an app called Twitter Counter could be at fault for the swastika hack. The app is meant for data analytics on Twitter and the app also requests for permissions to tweet on your behalf. If hackers have managed to compromise this app, there are high chances that he can get into your accounts and cause havoc.
So how do you revoke unwanted access to your social accounts?
If you have already given access to your social accounts, but don’t remember how many website you must have done that for, it is fairly simple to get them revoked from a single place — the social media security section itself. Simply head to your social media account and revoke the access to the websites that you may have given permission to earlier.
For Google, simply log in to the URL - https://myaccount.google.com/secureaccount. Once logged in, carry on with the steps on the website.
For Twitter, click on your avatar and select ‘Settings’ and then ‘Privacy’. On the left side panel, you should be able to find ‘Apps’, under which you can click on ‘Revoke Access’ for each app/service/website that you don’t want to use ahead.
Lastly, for Facebook you need to click on the question mark icon on the top right, and in the drop down menu, click on ‘Privacy Checkup’. Under this menu you should find ‘Apps’, where you can finally revoke access.
For other social accounts, you should be able to hunt for the same settings under privacy.
It is important to keep checking this area at least once in two weeks, or a month, to ensure that you are not giving unwanted access to apps that you don’t favour. Be safe!