SpeedDate, the online dating site that throws singles in a series of rapid dating sessions, has hijacked over 500,000 users from at least three Facebook applications. Users are logging on to Facebook to find that the applications they’ve had installed for months have been replaced with SpeedDate without being asked to opt-in.
As far as we can tell, all three modified applications were developed by HappyAppy, so it’s likely that SpeedDate either acquired the company with the $6 million it raised last month or the two companies share the same development team. Users are being sent brief messages notifying them that their applications have been renamed and “improved”, but only after the switch has been made without their consent.
The three affected applications are:
In effect each of these applications has acted as a Trojan Horse, getting install permissions under false pretenses only to pull the bait-and-switch later on. Dozens of users have exhibited outrage over the swap in the review section of each application. It’s likely that such dishonest tactics are against Facebook’s Terms of Service, but after at least ten days of complaints Facebook has yet to act.
There’s also the question of how this change could ever happen in the first place. Does Facebook have no safeguards against replacing an application’s entire codebase, effectively making user bases totally transferable? What good is issuing per-application install permission when developers can replace a “good” application with a spammy one at will? Developer acquisitions are only going to become more common – Facebook should have a system in place to ensure that user privacy is not compromised in the process.
Check out Andy Kruger’s blog for more.