Concerns Over Facebook Stream Importer for Google+ Abound
An application that allows Firefox and Chrome users to view Facebook stream data within Google+ is popular, but may put users at a security risk due to issues with the coding.
Google+Facebook, developed by Israeli developer Crossrider, lets users see Facebook streams and update Facebook statuses from within the Google+ platform. The extension has thus far proved popular: according to company execs, there have been over 100,000 downloads in just one week.
Unfortunately, the code may be insecure. Crossrider CEO Koby Menachemi admitted himself that the application was written in less than a day, and so "the product is not perfect." Taking this fact into consideration, it's not impossible that Crossrider's coders may have missed something.
Questions about Google+Facebook's possible security issues were raised over the weekend, when Reddit user RogueDarkJedi posted comments on a story promoting the app. In the comments, RogueDarkJedi alleges that Google+Facebook "acts like malware," and says it's a "security vulnerability waiting to happen."
The app also does a number of other seemingly unscrupulous things, such as changing search preferences to a site controlled by Crossrider and appending a signature to e-mail messages sent on certain webmail providers. Uninstalling the app reportedly does not remove many of the changes Google+Facebook makes.
"So should you trust these guys? In my opinion, [expletive deleted] no. Do NOT install this, it does more harm than anything. Stay the hell away," RogueDarkJedi wrote in the comment.
The post caught the attention of Crossrider, who responded to a Lifehacker post about the application, in which Lifehacker recommended its readers not install the app. Cofounder and CTO Shmueli Ahdut shot back, saying the way Google+Facebook auto-updates is "at the edge of extension-technology today," and that no changes are made without the user's permission.
RogueDarkJedi updated his post saying that the company was not being honest with its users, and that its code was still sloppy: "Stop lying to your users and to Reddit. Clean up your code, issue an apology, tell your users what they are getting into and secure your platform."