Facebook has filed lawsuits today in both the US and the UK against MobiBurn, a UK software company that provided advertising tools for mobile app developers.
In particular, MobiBurn provided an advertising software development kit (SDK) that allowed app developers to embed ads inside their applications and monetize user behavior.
But in a lawsuit filed today, Facebook claims the SDK contained malicious code that illegally collected the personal data of Facebook users.
Facebook said the data was collected when users installed any mobile app that contained the MobiBurn advertising SDK. When this happened, the code would activate and collect a person’s name, time zone, email address, and gender.
“Security researchers first flagged MobiBurn’s behavior to us as part of our data abuse bounty program,” said Jessica Romero, Facebook’s Director of Platform Enforcement and Litigation.
MobiBurn declined to participate in an audit
However, while Facebook was handling this report internally, these findings also made it into the press in November 2019, when CNBC run an article detailing MobiBurn’s practices.
The same article also accused OneAudience, another company that provided an advertising SDK, for engaging in similar practices.
A day after the CNBC report, both SDK makers posted messages on their websites claiming they only provided the tools but were not involved in the data collection, shifting blame to the mobile app developers who abused their SDKs.
Both companies also discontinued their respective SDKs.
However, at the time, as part of its internal investigation, Facebook also wanted both SDK makers to cooperate and submit to an audit, so Facebook could confirm their statements and make sure the companies deleted any Facebook user data they had illegally obtained.
Both companies declined to cooperate. Facebook sued OneAudience in February, and, today, the social network is following through with its lawsuit against MobiBurn.
A MobiBurn spokesperson did not return a request for comment, neither this week nor in November 2019, when we first reached out to the SDK maker.
Second lawsuit also filed today
But Facebook also sued a second company today. The social network also sued Nikolay Holper for operating Nakrutka, a website that sold Instagram likes, comments, and followers.
Facebook said that Holper operated a network of Instagram bot accounts, which he advertised through the Nakrutka website.
Before filing today’s lawsuit, Facebook said it tried several other methods to dissuade Holper from continuing running the site, such as sending a formal warning, cease and desist letters, and by disabling Holper and Nakrutka’s accounts on Instagram.
Nakrutka is the second such service that Facebook has sued this year. In June, Facebook also sued MGP25 Cyberint Services, a Spanish company that provided the same types of services as Nakrutka.
Since early 2019, Facebook’s legal department has been filing lawsuits left and right against various third-parties abusing its platform. Previous lawsuits include:
March 2019 – Facebook sues two Ukrainian browser extension makers (Gleb Sluchevsky and Andrey Gorbachov) for allegedly scraping user data.
August 2019 – Facebook sues LionMobi and JediMobi, two Android app developers on allegations of advertising click fraud.
October 2019 – Facebook sues Israeli surveillance vendor NSO Group for developing and selling a WhatsApp zero-day that was used in May 2019 to attack attorneys, journalists, human rights activists, political dissidents, diplomats, and government officials.
December 2019 – Facebook sued ILikeAd and two Chinese nationals for using Facebook ads to trick users into downloading malware.
February 2020 – Facebook sued OneAudience, an SDK maker that secretly collected data on Facebook users.
March 2020 – Facebook sued Namecheap, one of the biggest domain name registrars on the internet, to unmask hackers who registered malicious domains through its service.
April 2020 – Facebook sued LeadCloak for providing software to cloak deceptive ads related to COVID-19, pharmaceuticals, diet pills, and more.
June 2020 – Facebook sued to unmask and take over 12 domains containing Facebook brands and used to scam Facebook users.
June 2020 – Facebook sued MGP25 Cyberint Services, a company that operated an online website that sold Instagram likes and comments.
June 2020 – Facebook sued the owner of Massroot8.com, a website that stole Facebook users’ passwords.