Connecting Via Facebook or Google: Are Social Network Logins Safe?

January 2018: If you’ve ever wondered whether or not it’s a good idea to create new accounts using a social network like Facebook for your login information, wonder no more.

While ease of use is definitely a reason to go social, there’s a price to pay for free services! Here’s why social network logins are so popular, why apps are happier when you use them, what apps collect when you do, and what happens to the information that’s collected. Then you decide — click or don’t click?

Why people like social network logins

When given the option between using a social network to create a new account for an app or using an email address plus password combination, most people prefer the faster, easier way — they click the social button. With social network login, apps use your existing social account for authentication each time you log in so you don’t have to remember a password or (gasp) reuse one either. Social logins are especially popular with young people who may not create an account at all if social login isn’t available. Social login popularity drops off with older users who tend to be more skeptical about sharing information, but they like that the social network login doesn’t require an email address so it (ostensibly) protects them against spam and phishing attempts.

Why apps want you to use social network logins

The technology behind social logins, also known as social media connections, is more solid than human memory. If users forget their passwords, there’s a 92% chance they’ll leave the site instead of resetting or recovering them.

Social login also helps the app verify an account holder is a real person, which helps prevent hacker theft and fraud. It gives the app access to verified email addresses (sorry, spam-avoiders) and does a better job tracking web use than cookies, because social networks follow users across all devices. But perhaps most importantly for some apps, social logins provide information that is financially lucrative.

What third-party apps collect

When you use a social login, you agree to allow the third-party app to access some of your personal data from your social network profile. This typically includes your public information — your name and profile picture — and some or all of the following:

  • Email address
  • Birthdate
  • Gender
  • Location
  • Contacts
  • Interests
  • Friends
  • Photos
  • Files
  • Calendar

You are given the opportunity to approve access before opening the account, and some apps allow you to opt out of certain types of information access.

What apps do with the information

Apps request your information either to function properly — for example, a photo editing app needs access to your photos — or to gather information about you to sell to advertisers. Social network profile information, timelines, check-in and photo locations, likes, follows, searches and other expressions of what makes each user unique are a gold mine for marketers. The more marketers scrape and analyze the data, the more they can target their advertising efforts. Advertise cat toys to dog owners? Why bother?

And while some apps include language in their privacy policy that says they won’t sell your personal data, some do not and others don’t keep their promises. This could impact your privacy, depending on the information you’ve allowed the apps to access.

Many free apps come in pay versions that remove the ads. There’s a reason for that! Either way, the app is there to make a profit.

In addition to Facebook and Google, apps that provide social logins include Instagram, Twitter, Yahoo!, Amazon, PayPal, Salesforce, Fitbit, WordPress and dozens of others.

What your risks might be

  • If the app doesn’t have a solid track record, you could be allowing novice developers (or worse) into your personal life
  • If the app doesn’t use good security practices, the information collected from you can be hacked, which can create a domino effect that impacts every account using the same login information
  • If the app wants to access data that’s not required for the app to function, the app developers may have ulterior motives
  • If you don’t regularly manage your social login apps, you could have more apps than you need, collecting data and updating their privacy policies without your consent
  • If you haven’t read the privacy policies of each app, you don’t really know what you’re sharing

How to manage your social login apps

It’s easy to forget which apps are using social network login. Once every couple of months, take the time to review the app management section of each of your social networks. Make sure you still want to be connected to the apps and agree to the data that’s being collected. If you don’t, simply revoke the permissions or delete the app from your social network.

Here’s what to do for Facebook, Google, Instagram and Twitter. Remember to review all of your social networks or apps like Amazon and Fitbit, too.

At Leapfrog, we’re all about helping our clients manage their data and keep it safe. One of the things we watch out for is unintended consequences. For example, if one of the apps you’re using with social network login is hacked, it can create the domino effect mentioned above. It’s especially risky if you’re not in the habit of logging out of social networks on each device once you’re done using them (few people do). This daisy chain of login information can create even greater challenges for those responsible for keeping enterprise networks and data secure. If you are a Leapfrog customer and have questions about social logins or concerns about information that may have been collected already, please contact the Leapfrog Help Desk.
