Most Facebook Apps Can Post Behind Your Back

How many apps have you installed on Facebook? More importantly, how many of them could post something in your name right now, without your knowledge? Chances are, it’s more than half of them.

Privacy protection company Secure.me analyzed some 500,000 Facebook apps, and shared the results exclusively with Mashable. The biggest takeaways: 63% of those apps ask for the ability to post on your behalf — and 69% of them want your email address.

”It has become second nature to connect various apps like Instagram, SocialCam, AngryBirds, CityVille, and Spotify to your Facebook ID,” says Secure.me founder Christian Sigl. “You just click ‘agree’ without even really knowing what you are agreeing to. What you don’t realize is that social apps linked to your Facebook profile can pretty much track your and your friends’ whole life.

“It doesn’t matter what your privacy settings are, the apps still get this information.”

What the app makers could do with that information beggars belief. Not only could they effectively hack your Timeline and sell your email address to any unscrupulous buyer — they’re also potentially well on the way to stealing your identity. Some 30% of those apps know their users’ birthdates, which would in theory allow them to uncover their social security numbers.

The permission puts your friends at risk, too. According to Secure.me, 21% of apps — 1 in every 5 — can access the personal data of the user’s friends including friends‘ birthdays, education and work history. Some 12% of the apps can grab your location information at will.

Of course, few of us are concerned about the big name apps — the Instagrams, the Spotifys. These are companies that have won our trust. But big-name apps make up just a small portion of the 500,000 total. What do you really know about the maker of that personality test or music quiz you just posted to your Timeline?

Part of the problem, as Sigl suggests, is the fact that there’s no granularity here. You can’t initially decide which permissions the app really needs, and which go beyond its remit. You can’t give an app limited permission for a day or a week. App permissions, when they first pop up, are far too one-size-fits-all.

We reached out to Facebook, and here’s an official response from a spokesperson: “We give people a variety of tools to control their app experiences on Facebook, and hold developers to our Platform polices. Apps must specifically request the data they need to operate, including email addresses and publishing capability.

“After a user installs an app, apps are not permitted to post to that person’s Timeline without their consent. If an app is found to be in violation of these policies, we will take action against it.”

How many Facebook apps have you given permissions to? Let us know in the comments.