Mirror, mirror on the Wall/ Is this app nasty at all?


Fairytales, myths, legends: those stories that enchant you when you’re a child turn into amazing revelations of the archetypes of human behavior/thought when you grow up. Once you’ve got the hang of archetypal skeletons (for instance the perpetual good vs. evil conflict….you know, superhero whacks the pants off super-villain of choice) you can have fun (or even make a living out of it if you’re into mythic/archetypal criticism, psychoanalysis, etc.) stripping any story you hear (from “Beowulf fights Grendel and his mother” to “Spiderman fights everyone” and even “little Frodo Baggins fights big evil eye”) down to its core.

By developing this ability you can quickly get the gist of the story, while also relishing the infinite varieties of verbal “clothes” it can be covered in.

Now that we’ve rolled up our archetypal sleeves, let’s see how we can apply this rule to the world of Facebook apps. In other words, what are the possible signs of an app gone bad? (hang on it’s a top 8 thing :) )

1. You don’t look like a Jose to me.

In other words, is the name of the application strange? Yes, that’s a real hint. “What’s in a name?”, say you? Well…quite a lot. In my humble opinion (yes, I do have humble opinions…sometimes.) a legit app will be given a clear and, if possible, memorable name so that its users know what they’re getting into. Therefore, something like “MMN” or '…,.?' or even jolieforyou/?eacdwyxu should raise some eyebrows (if not both, at least one….pretty please?).

Request for permissions

In addition to that, the name should match the promise of the app. So, if you’re planning to install an app that promises to tell you how addicted you are to Facebook, wouldn’t you have some doubts about its legitimacy if it were named “memo76”?

Finally, watch out for copycats. 'frmvilles'????????? Don’t assume that the app authors have got bad spelling skills. This IS an attempt at tricking you.

2. So, this is what a blonde with blue eyes looks like?

Request for Permission Take 2

Translation: is the app picture consistent with what the app does? Call me a detail addict, ‘cause that’s what I am. According to the simplest principle of app spreading mechanisms, the visual element associated with the app should be easily recognizable, memorable and illustrative of the app’s main functionality.

3. Meet the parents.

Cautious as you are by nature (and by training now) you might wonder who the app developer is. An obscure vendor or, on the contrary, one whose name strikingly resembles that of a famous person? Does Justin Bieber still need more fame than he already has? Well, a Facebook app could not hurt his career. Trouble, trouble, trouble…

Watch the Video

4. Heard it through the grapevine.

A good app, just like a bad one, should be the talk of the town. So, what do other users of the app you want to install say? How about taking a look at the app review page? Careful, it’s not the numbers that count here. In fact, bad apps will boast impressive user, like and review counts. It’s what people actually say about the app that will give you a valuable hint.

Who's been spying on you lately?

5. You will meet a tall dark script. Copy and paste it!

Copy and Paste a script

This is a kind reminder that no legitimate app should require that you copy and paste any piece of code into your browser in order for such app to work.

6. Passwords please! AGAIN?

Once you are logged in to the social network, no app should ask for your account password again. Now would be a good time to remember some good old rules that keep us all away from the perils of phishing.

Phishing is an illicit method of acquiring personal data such as usernames, passwords or credit card details by creating a web page that’s the perfect lookalike of a trustworthy entity’s web page. Phishing baits are usually sent out via e-mail or instant messaging. Here are a few tips that will help you stay away from phishing traps (the elements are marked on the two images below):

  1. Notice the URL of both pages? Is it possible for the Facebook URL to be “farrtbook”? Plus, every respectable login page should use “https:”. The real Facebook page does.

  2. Aren’t we in 2011? Could Facebook have got that wrong?

  3. If you are not in the US, the real Facebook page will provide you the option to log in using your native language. The other one does not.

  4. Not all the options provided on the real Facebook page are also present in the fake one. This phisher is quite lazy.


Real Facebook page

Phishing page

Fake Facebook page.
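The address check from tip 1 (the right domain, over https) and the copycat-name check from sign 1 can both be automated. The following is an added example, not part of the original article; the function names, the distance threshold of 3 and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(name: str, known: str, max_distance: int = 3) -> bool:
    """True when name is close to, but not the same as, a well-known name."""
    return 0 < edit_distance(name.lower(), known.lower()) <= max_distance


def check_login_url(url: str, trusted: str = "facebook.com") -> list[str]:
    """Return warnings for a login page URL; an empty list means it passed."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    warnings = []
    if parts.scheme != "https":
        warnings.append("not https")
    # Only the trusted domain itself or one of its subdomains is accepted.
    # A substring test would wrongly accept hosts that merely contain the name.
    if host == trusted or host.endswith("." + trusted):
        return warnings
    site = ".".join(host.split(".")[-2:])  # last two labels, e.g. farrtbook.com
    if is_lookalike(site, trusted):
        warnings.append(f"lookalike of {trusted}: {site}")
    else:
        warnings.append(f"not {trusted}: {host}")
    return warnings


if __name__ == "__main__":
    # Constructed sample URLs; "farrtbook" is the name from the article.
    for sample in ("https://www.facebook.com/login.php",
                   "http://www.farrtbook.com/login.php",
                   "https://facebook.com.example.net/login.php"):
        print(sample, "->", check_login_url(sample) or "ok")
    print("frmvilles vs farmville:", is_lookalike("frmvilles", "farmville"))
```

A short distance only says the name is suspiciously close to a known one; any host that is not the trusted domain or one of its subdomains is flagged either way.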

7. Maaaaaaaa, they’re asking if we’re human…..

As a general principle, the social platform you are using is trying to make the user experience as enjoyable as possible. That’s why taking any human verification test, let alone a maze of quizzes that never seem to get you anywhere, is a request that’s very unlikely to come from a legitimate app.

IQ test as CAPTCHA

8. Pigs DO fly.

Promises, promises. Will the app be able to stand by its promise? Let’s take an example: considering the growing concern with respect to user privacy, do you think 'spy apps' will be able and allowed to tell you the number of profile views, provide you with a list of friends that visited your profile and the like? To better understand this side of the problem, the recently launched BitDefender Safego infographic takes you through app land and helps you tell the good from the bad.

Don’t forget that BitDefender Safego is there to keep your social network account safe from harm.

Happy sharing, everyone!

This article is based on the technical information provided courtesy of Tudor Florescu, BitDefender Online Threats Analyst

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.

About the author

Ioana Jelea

Ioana Jelea has a disturbing (according to friendly reports) penchant for the dirty tricks of online socialization and for the pathologically mesmerizing news trivia. From gory, though sometimes fake, death reports to nip slips and other such blush-inducing accidents, her repertoire is an ever-expanding manifesto against any Victorian-like frame of thought that puts a strain on online creativity. She would like to keep things simple, but she never does.
