‘What are your most used words on Facebook’ app goes viral

A viral app on Facebook has got some people confused and worried, highlighting there is still lots to learn about how Facebook apps work and what they can and cannot do. We investigate the app and clear up some confusion along the way.

This article has been updated with the response from the app developer at the end of the article.

Whenever a Facebook app goes viral, we inevitably get a surge of questions asking us if it’s a virus, malware or a phishing scam.

And that has been the case with the “What are Your Most Used Words on Facebook” app that currently seems to be the trending app on Facebook at the moment. It is an app that analyses your past posts and provides a “word cloud” that depicts what words you used the most in the last year or so.

Many have claimed it’s a phishing scam, a virus, malware or even a nefarious method of harvesting your data. So the question is, is it really any of those things?

Let’s take those questions, one at a time.

Is the ‘What are your most used words on Facebook’ app a virus or malware?

No. Facebook apps are not malware (this includes viruses.) They install on your Facebook account. Malware, on the other hand, installs on your computer. Yes, some Apps can try and lead you to webpages that will try to install malware on your computer, but we haven’t seen this with the “What are your most used words” Facebook app.

So the answer is no.

Is the ‘What are your most used words on Facebook’ app a phishing scam?

From what we can tell, the answer is also no. Facebook apps can lead to phishing scams, by asking for sensitive information about you like passwords, but we installed the app and it did no such thing.

Does the ‘What are your most used words on Facebook’ app harvest a user’s a personal information?

This is perhaps the more interesting question, since when the permissions box came up (screenshot below) it did ask for access to a lot of information about us, including our birthday, friends list, hometown, likes and photos. We fail to see how this information is required to analyse our timeline posts in search for our most popular words.

vonvon-popup

In fact, we know this information is not required, since we edited the permissions to only allow this app access to our profile picture and our timeline posts, and the resulting ‘word cloud’ was the same. Thus we know that the app is asking for far more permissions than it actually needs, which is certainly a red flag.

If you do choose to install an app, we always recommend limiting the information it has access to. You can do this by clicking the “Edit the info you provide” link on the permissions pop-up as with the screenshot above.

But does this mean the app is harvesting our data? In short, we don’t know. The developer of the app is a website called VonVon, who have a number of other apps on their site (including some dodgy-sounding “Facebook stalker” apps and lots of other trashy sounding apps.) They have a privacy policy that states they don’t share your information with third parties without your consent, and if they do, they will remove any personally identifiable data, so ultimately it comes down to whether you’d trust them to honour that agreement.

Personally, we wouldn’t.


Sponsored Content. Continued below...




Will the ‘What are your most used words on Facebook’ app post spammy links from my account?

The app never asked us to give it permission to post from our account by itself, so no. Once you complete your ‘word cloud’ you are given the option to share it on your timeline, but this would be a one-time only post. It doesn’t mean the app can post from your account whenever it liked.

The bottom line…

The app doesn’t appear particularly malicious, but bear in mind it is asking for more permissions than it needs, and if you don’t trust the people behind the app, you shouldn’t install it (as a general rule of thumb.)

If, however, you do want to install it, we recommend two things –

1. Limit the information it gets. We were able to get the app to work by denying it permission to everything accept our profile picture (which was required) and our timeline posts.
2. Uninstall it when you’re done. These apps don’t really need to stay installed on your Facebook account, so uninstall the app once you’ve used it by going into your settings section and selecting Apps.

It is important to remember that with Facebook apps, you should only install them once you trust them. If you don’t trust them, you should remain cautious and check what permissions it asks for, check on the legitimacy of the company who created the app and if necessary, ask others for advice.

25/11/15 UPDATE: VonVon’s response –

VonVon – the company behind the app located in Asia – spoke to us via email with comments including the following –

We never store [private information] in our databases. If the user chooses to share their quiz result, then it gets stored in Facebook’s servers, not in ours. More specifically, in case of “What are your Most Used Words” we do not store any form of original words from user’s past postings. These words are immediately disposed as soon as the user closes the web browser, and there is no way of retrieving these data from a 3rd party

We made no trick to make a hole in privacy policy. There is no sneaky practice. We haven’t and have no intention to sell personal information to 3rd parties.

At this moment, we are doing all we can to do minimum privacy intrusive practices to directly address users’ concerns. I genuinely wish that this event will not hurt the online quiz/entertainment industry as a whole. There are a lot of good sites than bad ones. The ones the users should be worrying about are the ones that ask user’s email address, billing and credit card information, not ones like ours.

We can confirm that since our article was published, The “Most Used Word on Facebook” app is now asking for fewer permissions. When we pointed out that lots of their apps had been asking for excessive permissions – something which is a privacy red flag, VonVon responded –

While we wanted to less intrusive way for our users to engage with our daily quizzes and games,
it has been a learning for us that less intrusive privacy practice could win the user loyalty for a longer run.

Ultimately our conclusion is the same as before. Neither the app or the VonVon company seem particularly malicious, but users should be careful what apps they install on their accounts, and should choose to limit apps to developers that they trust, and to always be careful what permissions a particular app will have access to when it installs. Always be cautious of apps that sound suspicious like apps that assert to provide information on who “stalk you on Facebook” and so forth.

Further reading –

Why Facebook Apps can be dangerous.

Keep up-to-date with all the latest cybersecurity threats and our tips to stay safe online. Follow us on Facebook, Instagram and Twitter.

Continued below...


Thanks for reading! But before you go… as part of our latest series of articles on how to earn a little extra cash using the Internet (without getting scammed) we have been looking into how you can earn gift vouchers (like Amazon vouchers) using reward-per-action websites such as SwagBucks. If you are interested we even have our own sign-up code to get you started. Want to learn more? We discuss it here. (Or you can just sign-up here and use code Nonsense70SB when registering.)

Become a Facebook Supporter. For 0.99p (~$1.30) a month you can become a Facebook fan, meaning you get an optional Supporter Badge when you comment on our Facebook posts, as well as discounts on our merchandise. You can subscribe here (cancel anytime.)