TL;DR
CanaryTrap is a system that detects data misuse by third-party social media apps by using honeytokens and monitoring their unrecognized use, revealing cases of ransomware, spam, and targeted ads.
Contribution
We introduce CanaryTrap, a novel method that systematically detects data misuse by third-party apps on social networks using honeytokens and monitoring techniques.
Findings
Detected multiple cases of data misuse including ransomware and spam.
Uncovered targeted advertising and privacy violations.
Deployed on 1,024 Facebook apps with significant findings.
Abstract
Online social networks support a vibrant ecosystem of third-party apps that get access to personal information of a large number of users. Despite several recent high-profile incidents, methods to systematically detect data misuse by third-party apps on online social networks are lacking. We propose CanaryTrap to detect misuse of data shared with third-party apps. CanaryTrap associates a honeytoken to a user account and then monitors its unrecognized use via different channels after sharing it with the third-party app. We design and implement CanaryTrap to investigate misuse of data shared with third-party apps on Facebook. Specifically, we share the email address associated with a Facebook account as a honeytoken by installing a third-party app. We then monitor the received emails and use Facebook's ad transparency tool to detect any unrecognized use of the shared honeytoken. Our…
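The email-monitoring step described in the abstract, as an added Python sketch that is not code from the paper or the CanaryTrap authors. It assumes one honeytoken address per installed app and treats a sender as "recognized" when its domain belongs to that app; the addresses, app names, domains and messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed data: one honeytoken address per installed app, plus the sender
# domains we ASSUME each app legitimately mails from (not from the paper).
HONEYTOKENS = {
    "ht-0001@canary.example": {"app": "QuizApp", "domains": {"quizapp.example"}},
    "ht-0002@canary.example": {"app": "PhotoFun", "domains": {"photofun.example"}},
}

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def matches(domain, allowed):
    """True if domain equals an allowed domain or is a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def classify(raw_message):
    """Attribute a received email to the app whose honeytoken it was sent to."""
    msg = message_from_string(raw_message)
    _, rcpt = parseaddr(msg.get("To", ""))
    entry = HONEYTOKENS.get(rcpt.lower())
    if entry is None:
        return ("unknown-recipient", None)
    sender = domain_of(msg.get("From"))
    if sender and matches(sender, entry["domains"]):
        return ("recognized", entry["app"])
    # The honeytoken was shared only with this app, so any other sender
    # points at use of the shared address outside the app itself.
    return ("unrecognized", entry["app"])

# Constructed sample messages.
SAMPLES = [
    "From: QuizApp <news@mail.quizapp.example>\nTo: ht-0001@canary.example\nSubject: Welcome\n\nhi",
    "From: Deals <promo@bulkmail.example>\nTo: ht-0001@canary.example\nSubject: Offer\n\nhi",
    "From: info@notquizapp.example\nTo: ht-0001@canary.example\nSubject: Hello\n\nhi",
    "From: PhotoFun <team@photofun.example>\nTo: ht-0002@canary.example\nSubject: Tips\n\nhi",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(classify(raw))
```

The From header can be forged, so a production monitor would match on authenticated sender domains (SPF or DKIM results) rather than the header alone.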
