Update on March 11, 2021 at 11:00AM PT:
Facebook has reached a settlement in the case of Facebook v. OneAudience. OneAudience agreed to an audit, and a permanent injunction banning them from using Facebook in the future and engaging in the challenged practices, as well as the payment of monetary damages, which is what we requested from the Court during the litigation. This legal action was part of our ongoing efforts to protect our users from data misuse and to enforce our Terms and Policies.
Originally published on February 27, 2020 at 11:11PM PT:
Today, Facebook filed a federal lawsuit in California court against OneAudience, a New Jersey-based data analytics company that improperly accessed and collected user data from Facebook and other social media companies by paying app developers to install a malicious Software Development Kit (SDK) in their apps.
Security researchers first flagged OneAudience’s behavior to us as part of our data abuse bounty program. Facebook, and other affected companies, then took enforcement measures against OneAudience. Facebook’s measures included disabling apps, sending the company a cease and desist letter, and requesting their participation in an audit, as required by our policies. OneAudience declined to cooperate.
This is the latest in our efforts to protect people and increase accountability of those who abuse the technology industry and users. Through these lawsuits, we will continue sending a message to people trying to abuse our services that Facebook is serious about enforcing our policies, including requiring developers to cooperate with us during an investigation, and advance the state of the law when it comes to data misuse and privacy.