Facebook on Thursday filed a lawsuit in federal court against OneAudience, claiming the New Jersey-based analytics company paid developers to install a malicious software development kit in their apps that could later be used to improperly harvest user data from the social network.
In the lawsuit, Facebook alleges that OneAudience paid developers, sometimes shopping and game app makers, to include the SDK in their apps, some of which were distributed on the Google Play store. When a user installed and logged into one of the apps, the SDK allowed OneAudience to collect information, Facebook says.
The harvested information included names, email addresses, locales, time zones, Facebook IDs and sometimes gender information, Facebook said.
Facebook said the lawsuit, which was filed in San Francisco federal court, was part of its crackdown on abuse of its platform. The social network has previously sued an Israeli company for allegedly using its WhatsApp messaging system to hack phones and app developers that allegedly engaged in ad fraud.
“This is the latest in our efforts to protect people and increase accountability of those who abuse the technology industry and users,” Jessica Romero, Facebook’s director of platform enforcement and litigation, said in a statement. “Through these lawsuits, we will continue sending a message to people trying to abuse our services that Facebook is serious about enforcing our policies, including requiring developers to cooperate with us during an investigation, and advance the state of the law when it comes to data misuse and privacy.”
OneAudience didn’t immediately respond to a request for comment. In a statement dated Nov. 25, the company said it had updated the SDK to prevent the collection of personal information shortly after the problem was brought to its attention. It later shut down the SDK entirely.