In view of all the rogue applications that have lately targeted Facebook users, the announcement that the social network will require developers to verify their Facebook account (by confirming their mobile phone or adding a credit card) in order to create new applications is a welcome one.
“We’re taking this step to preserve the integrity of Facebook Platform, ensuring that every application is associated with a valid and real Facebook account,” says in the announcement.
It is definitely a step in the right direction – everybody agrees on that. But, it seems patently obvious that this measure will not be nearly enough. According to ReadWriteWeb, Sophos’ Graham Cluley thinks that the verification process will be easily bypassed by using stolen credit cards or disposable mobile phones. He also thinks that Facebook should seriously consider putting stronger controls in place. “After all, what legitimate application developer is going to complain?”, he says.
Rick Ferguson of Trend Micro also advises Facebook to set up some kind of application approval precess, and Kaspersky’s Ryan Naraine proposes code signing and/or inspection when the application is submitted in the first place.
Seems to me, Facebook could learn a thing or two from the way Apple runs its Store.