Ask LH: Is It OK To Use My Facebook Account To Sign Into Apps?

Dear Lifehacker, Why do all these apps on my phone and on the web want my Facebook (or Twitter and Google) information to sign up for an account? Is it safe to do this? Sincerely, Signing Off?

Dear SO,

Social logins are common these days. You need a Twitter, Facebook or Google account for a lot of services. Sites and apps want to link to your social network account for two main reasons: authentication (it saves them from storing your password and info), and to collect your data from your social network. Here’s what each of them does, and why you might not want to use them.

Why Services Require You to Sign In with a Social Network Account

The main reason services require you to sign in with a social network account is a security measure called OAuth. OAuth is basically a means to log in to a third-party site using your Facebook, Google or Twitter information. This means websites don’t have to worry about keeping your password and username secure.

Basically, when you log in to a site with OAuth, you’re granting them access to your account — like you’re showing them the secret back gate to get in — but you can close that gate at any time. They don’t get the keys to the house, they just know where the door is. This means if the third-party site is compromised, your Facebook, Twitter or Google account is safe (although the services you grant access to can continue to post, read or whatever else on your behalf if you don’t cut that off).

In a lot of cases, the OAuth authentication is all an app wants or needs. However, in other cases, you’re also granting apps access to your data. Calendar apps, address books, music services and anything that uses your social network to provide news commonly do this. When you sign up for a service, you’re taken to your Facebook, Google or Twitter page and shown what that service has access to, if it can post to your account, and who can see those posts. On their own, these aren’t dangerous (unless you’re worried about services collecting your data), but they do have the potential to get annoying.

Fortunately, it’s incredibly easy to see what those apps have access to and revoke their privileges.
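The "gate, not keys" idea above can be modelled in a few lines. This is an added example, not code from the original article or from any social network: the `SocialNetwork` class, the app names and the scope names `events` and `publish` are all hypothetical, and the account is constructed sample data.

```python
import secrets

class SocialNetwork:
    """Toy identity provider (hypothetical names; models grant/revoke only)."""
    def __init__(self, passwords):
        self._passwords = passwords  # user -> password; never handed to any app
        self._grants = {}            # token -> (user, app, scopes)
        self.posts = []

    def authorize(self, user, password, app, scopes):
        # The password is entered on the network's own page, not the app's.
        if not secrets.compare_digest(self._passwords.get(user, ""), password):
            raise PermissionError("bad credentials")
        token = secrets.token_urlsafe(16)
        self._grants[token] = (user, app, frozenset(scopes))
        return token                 # the only secret the third-party app stores

    def post(self, token, text):
        if token not in self._grants:
            raise PermissionError("token revoked or unknown")
        user, app, scopes = self._grants[token]
        if "publish" not in scopes:
            raise PermissionError(f"{app} was not granted 'publish'")
        self.posts.append((app, text))

    def apps_for(self, user):
        # What the "Apps" settings page shows: each app and its permissions.
        return {a: sorted(s) for u, a, s in self._grants.values() if u == user}

    def revoke(self, user, app):
        self._grants = {t: g for t, g in self._grants.items()
                        if g[:2] != (user, app)}

def try_post(net, token, text):
    try:
        net.post(token, text)
        return True
    except PermissionError:
        return False

def demo():
    net = SocialNetwork({"alice": "correct horse"})  # constructed sample account
    cal = net.authorize("alice", "correct horse", "CalendarApp", ["events"])
    game = net.authorize("alice", "correct horse", "GameApp", ["events", "publish"])
    results = [try_post(net, game, "Alice scored 9000!"),  # publish granted
               try_post(net, cal, "spam")]                 # read-only grant
    net.revoke("alice", "GameApp")                         # closing the gate
    results.append(try_post(net, game, "more spam"))       # token is now dead
    return results, net.apps_for("alice"), net.posts
```

If either app's database leaks, only its token is exposed; the token keeps working until the user revokes it, which is why reviewing the app list matters.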

Why You Might Not Want to Use Your Social Networks with Apps

In a lot of cases, social integration — whether it’s in the form of accessing data or as a security measure — is a good thing, but that doesn’t mean apps don’t end up doing annoying things on your social network accounts. As a good rule of thumb, if you don’t want anything automatically showing up on Facebook or Twitter, don’t let apps post for you. In the case of Facebook, you can at least change the “Posts on your behalf” setting to “Only Me”, so if the app does post something, nobody will actually see it. If you want to revoke those permissions completely, it’s pretty easy to do manually, or with a service like the previously mentioned MyPermissions.

Review Your Facebook App Permissions

A lot of apps want access to your Facebook account so they can integrate social features. For example, a number of calendars want access so they can add in birthdays and events. In most cases, these apps only have access to your events, but not every service out there plays nice with your account. Reviewing your permissions is very easy:

  1. Visit Facebook, click the gear icon in the top right, and select “Account Settings”.
  2. Click the “Apps” tab on the left side (or just head straight to it if you’re already signed in).
  3. Select “Edit” to change the permissions of any app, or click the “X” to revoke access to your Facebook account.

It’s a good idea to clean up your Facebook permissions regularly, so make a habit of checking out this tab every once in a while.

Review Your Google App Permissions

Google also has its own set of app permissions, although it’s probably not as cluttered as your Facebook account:

  1. Head to the Authorized Access to your Google Account page.
  2. Click “Revoke Access” for any apps, sites and services you no longer use.

That’s it. Unfortunately Google doesn’t let you fine-tune control over what data apps have access to, so it’s an all or nothing approach.

Review Your Twitter App Permissions

Twitter is much like Google in that you don’t get to fine-tune the access that apps have, but it is incredibly easy to revoke their permissions:

  1. Visit Twitter, click the profile menu in the upper-right corner of the screen and select “Settings”.
  2. Click “Apps” on the sidebar on the left (or head straight there if you’re logged in).
  3. Review the list, what type of access they have and click “Revoke Access” if you no longer want them.

The main cause of concern you should have with any app that has access to your social network account is that it can access your personal data or post something without you realising it. If you don’t like giving that data away freely, you’re best off searching for services that allow an email login instead of linking to your social network account. Reviewing the privacy policy of any app you link is also important, and if nothing else, check the permissions to make sure it can’t post something without you knowing it.

Cheers
Lifehacker
