It’s a little-known fact, but Facebook provides a free malware scan if it thinks it has detected a virus on your device. This service used to be optional, but Facebook now requires that you run it — and according to a report from WIRED, this scan has led to problems for users all over the world, including getting locked out of their accounts.
The scan also functions inconsistently, sometimes going away if an affected user simply changes browsers or if a different user logs onto Facebook from the same device. Additionally, some experts fear that these pop-ups could train users to blindly accept “malware scans” that actually turn out to be malware itself. And the company isn’t exactly transparent about the antivirus companies it’s trusting to access users’ devices.
“What does Facebook collect from their antivirus partners?” Mohammed Mannan, a security researcher at Concordia University, told WIRED. “An antivirus product can collect a lot of useful information from the user machine—telemetry data; beyond what Facebook gets through their website—and share it with Facebook. Facebook should make their agreements with antivirus partners public.”
While a Facebook-run malware detector is a good idea on its face, it’s troubling that Facebook has made it mandatory to use it once the site detects — or thinks it detects — a problem. And the fact that Facebook isn’t being transparent about how it works just makes the issue look worse.