Have you ever received a message from a Facebook friend that reads something like this?
“I think you’ve been hacked. Someone using your account just posted a nasty message [or photo] on my Newsfeed! You need to change your password.”
I received a bunch of messages like this during the first year or so after I started using Facebook.
And I’m guessing you’ve received them too.
Well, truth be told, while it’s always possible that someone did hack into your account and use it to post those nasty things on your Timeline, the most likely culprit was either a scammer using a cloned account or a malicious app.
I covered the entire account cloning epidemic in this post, so I’ll talk about malicious apps in this one…
Every time you enable an app on your Facebook account you agree to give it a list of “permissions”.
In a nutshell, permissions are just what they sound like…
If you choose to install an app you give that app explicit permission to access every bit of information on your public profile and perform every act that’s listed in the Permissions section.
And for many Facebook apps one of the acts you give them permission to do is post on your Timeline. And when they make those posts, it will appear that the post was published by you because it’s YOUR name that will show up in your friends’ Newsfeeds.
In other words, the app will be impersonating you every time it posts something on your Timeline.
Legitimate apps will use this permission honestly and only post things that you expect them to post.
For example, a legitimate game app might publish a post congratulating you every time you achieve a new high score.
The problem lies in the apps that aren’t all that legitimate – and there are a bunch of them.
Malicious apps abuse the permissions you grant them to do things that are harmful to you and/or your Facebook friends.
And some of the biggest offenders are apps that post nasty things on your Timeline for all your friends (and possibly their friends as well) to see.
Luckily, it’s easy to identify apps that have permission to post things on your Timeline. Just follow the steps below for the device you’re using.
If you access Facebook via a web browser on a laptop or desktop computer:
1 – Log into your Facebook account.
2 – Click your little profile avatar picture located at the right end of the top menu bar.
3 – Click Settings & Privacy.
4 – Click Settings.
5 – In the left-hand column, click Security and login.
6 – Click the Apps and Websites link in the left-hand column. You should now see a list of all the apps that are currently enabled on your Facebook account.
7 – Click the View and Edit link for the first app in the list and review the permissions you have granted for that app.
If you see something like “Post on your Timeline” or “Post content into groups on your behalf” or anything similar and the toggle switch is set to on (i.e. it’s blue), then that app is allowed to post things in your name.
If it’s an app you’ve used for a while and trust completely you can leave that setting as-is.
If it’s an app you don’t recognize or don’t trust completely I strongly recommend that you either disable the app or at least revoke its permission to post on your behalf.
8 – Repeat the steps above for the rest of the apps that are listed.
9 – (Optional) If you never use any apps or games at all you can click the Turn Off button on the “Apps, websites and games” line to prevent any apps or games from getting enabled on your account in the future.
If you access Facebook via the Facebook app on a mobile device:
1 – Open the Facebook app and sign into your account.
2 – Tap your little profile avatar picture in the corner of the screen.
3 – Scroll down and tap Settings & Privacy.
4 – Tap Settings.
5 – Scroll down to the “Security” section and tap Apps and Websites.
6 – Tap Logged in with Facebook. You should now see a list of all the apps that are currently enabled on your Facebook account.
7 – Tap the Edit link beside the first app in the list.
8 – Carefully review all the permissions listed for that app. (Note: You might need to tap several links in order to review all the permissions for the app.)
If you see something like “Post on your Timeline” or “Post content into groups on your behalf” or anything similar to that then that app is allowed to post things in your name.
If it’s an app you’ve used for a while and trust completely you can leave that setting as-is.
If it’s an app you don’t recognize or don’t trust completely I strongly recommend that you either disable the app or at least revoke its permission to post on your behalf.
9 – Repeat the steps above for the rest of the apps that are listed.
10 – (Optional) If you never use any apps or games at all you can tap the Turn Off button in the “Apps, websites and games” section to prevent any apps or games from getting enabled on your account in the future.
That’s all there is to reviewing the permissions you’ve granted for every app that’s currently enabled on your Facebook account.
By the way, any app you enable will have permission to access ANY piece of PUBLIC information on your account, including your birth date, address, phone number and more. And they typically have a wide range of things they’re allowed to do with that information.
This is why I strongly recommend that you carefully consider what types of info you want to make public on Facebook!