Facebook App Redesign “Tricks” Users Into Installing Apps

Facebook Virus

TechCrunch just published a fantastic article outlining the deceptive new layout for Facebook Apps.  Facebook has changed the buttons/options you see when an app would like access to your Facebook profile.  In the past, you would be greeted with an “Allow” or “Don’t Allow” option.  Now you are no longer presented with the clear options and in fact now, there’s only one button – “Play Game”.  This is something to be expected from ‘hackers’, virus writers, etc.  They’re intentionally trying to deceive people into clicking on buttons or pictures that appear safe.  Coming from Facebook though, I think this is a bit much.

I have a feeling this is going to lead to more users allowing malicious apps to have access to their user profile.  I’m all for trying to make things easier for users, but I think there’s a stark difference between “Allow/Don’t Allow”…

Old Facebook Allow/Don't Allow Options
Old Facebook Allow/Don’t Allow Options

As compared to the new “Play Game” option…

Facebook 'Play Game'
Facebook ‘Play Game’ instead of ‘Allow’ or ‘Don’t Allow’

This is social engineering 101!

Make sure you discuss this with your employees so they’re aware of this change.  Bogus apps will typically redirect you away to another 3rd party site which attempts to download and install malware on your system.  All it takes is one simple, “Oh, I didn’t think a Facebook App could be harmful” to bring a system down.

Some quick tips for staying safe while on Facebook:


  • Only install apps that you trust and that come from legitimate developers.  If you’re unsure, then you don’t need that app.
  • We recommend using a Javascript blocker, such as NoScript for Firefox.
  • Utilize an ad-blocker, such as AdBlock.
  • Always make sure you have the latest operating system updates.
  • Ensure you’re using good, up-to-date antivirus + anti-malware software – we recommend ESET Nod32 and Malwarebytes’ Anti-Malware Pro.

Just keep an eye out and read before you click!

I am a Software Developer, System Administrator, and consignment software specialist. I currently manage hundreds of consignment workstations, point of sale systems, and database servers all across North America and I am the developer of Peeps' Software, Peeps2Go, and Peeps' Consignor Login for iOS and Android. I've been helping consignment & resale store-owners since 2003. I started The Computer Peeps in February of 2010. Peeps' Software launched in 2016 and is now on hundreds of systems all across North America. I have successfully converted dozens of stores from all of the major consignment software systems. After 20 years of working with consignment stores, I understand the unique challenges consignment & resale store-owners face. From electrical issues in old buildings or strip malls, to advocating for them when their old consignment software keeps crashing.

4 thoughts on “Facebook App Redesign “Tricks” Users Into Installing Apps

  1. Kate Holmes

    Does a javascript blocker interfere with all javascript? if so, why install it just to “stay safe” on fb? ps how can we get our friends/fans on fb from including OUR name on apps like the one that sends “Joe Blow requesting your birthday”
    Now, an app that sends me roses on my b-day would be another matter 😉

  2. Dean

    NoScript (the Javascript blocker we recommend) blocks all Javascript. I think everyone should install and use NoScript, regardless of whether or not you use Facebook.

    It’s just that exploits are commonly Javascript-based and it’s a common exploit to publish what appears to be a legit app to the Facebook Apps market, then redirect the user to a 3rd party site so the malicious code can be executed. Having NoScript installed and enabled, will prevent that.

    People forget they have NoScript installed though. 🙂 They’ll go to visit a site they haven’t visited since installing NoScript. Since many sites utilize Javascript and other active content, a website usually won’t look right or function properly until you allow it. So it’s more a matter of being prepared for how NoScript works and knowing you have to allow/whitelist a site. Once you’ve hit your usual sites though, you usually have your whitelist all set within the first 24-48 hours.

    Go to Privacy Settings > Blocked People and Apps > Manage Blocking. You can block requests from specific people, or specific apps:

    Facebook Privacy Settings

    Facebook has just become too much of a breeding ground for viruses and crappy content. I get my news and info from reddit and I share via Google Plus. I have a Facebook account so I can participate in Resale Connect, but Google Plus really does offer more for businesses @ SEO and it’s a bit more grown-up in certain ways than Facebook is. I’m trying to think of how the consignment industry can take advantage of Google Hangouts – i.e. Google Plus’ free video conferencing. You can invite people to a group video conference and everyone can see and hear one another.

    I’m still waiting for the beer & cupcakes on my birthday app! 😉

  3. Kate Holmes

    Thanks, Dean… as I understand the javascript thingie, I can allow/disallow it on sites as I wish, and once allowed, the permission remains on my future visits to that site, right?
    I too am waiting for FB to go the way of MySpace. Hate the bossiness of it all, and if I didn’t have to reach MY customers… resale shopkeepers… I’d be off it in a flash!

    1. Dean

      @I can allow/disallow it on sites as I wish, and once allowed, the permission remains on my future visits to that site, right?

      Yep! You nailed it right on the head! The first time you visit Facebook after installing NoScript, you’ll see at least two sites to be allowed:

      In this case, it’s Facebook’s primary domain (facebook.com), as well as one of their secondary domains (fbcdn.net). Sites the size of Facebook aren’t running on just one computer in a closet somewhere. Frequently, ‘assets’ (e.g. images, style sheets, etc.) will be offloaded to another server/other servers dedicated to ‘content delivery’.

      Take a look at Google Plus when you have a second. It’s worth claiming your own page, just for the SEO benefits alone. Let me know if you have any questions!

Leave a Comment

Your email address will not be published. Required fields are marked *


Back To Top