Social Media Security Series: Part 1
How third party applications can remain persistent over time, and how to ensure only known sessions are active on your accounts.
Third Party Permissions and Session Management in Social Media
It has become apparent that online account management is a hugely neglected part of our social media experience. Most of the attention is on passwords and, more recently, 2-factor authentication, which is great. I’d like to highlight a constantly ignored aspect of account management and privacy generally referred to as 3rd Party Access.
I’ll also touch a bit on Session Management because they are similar concepts. At the end of this article, you should understand what the concepts are and know how to better manage your social media accounts. For the sake of this article, our focal platform will be Twitter, and we’ll briefly cover Instagram and LinkedIn as well.
Simply put, a 3rd party is anyone who isn’t directly involved in an agreement. A very common example is a service offering users a way to view all the people who aren’t following them back on Twitter. In this scenario, Twitter provides the users a service, which you agreed to when creating your account, while this 3rd party service is like a bonus feature, as Twitter can function without it.
So why am I talking about 3rd Party Access..?
3rd party services tend to offer something attractive to users, in exchange for some access to your account. If they want to give you a list of everyone who isn’t following back, they need to see who you’re following and who is following you first. Once you give them access to your account, they can do whatever they are permitted to (whatever you agreed to let them do when registering for their service). So you want to be careful when clicking ‘next’ or ‘agree’ on apps and websites.
In some cases, they could have access to your DMs, trends, timeline and followers, with the ability to make modifications. Another danger is that their access could be persistent forever, meaning that as long as you don’t revoke that access, it remains.
So if you come across this article, please join me as we check to see what 3rd party services have access to our Twitter accounts, and for how long.
Third Party Access and Session Management for Twitter
The steps are as follows:
- In the app options, tap ‘Settings and privacy’.
- Select ‘Account’ – this should reveal your account information, as shown in the image below.
- Scroll down and select ‘Apps and Sessions’ – this should take you into the embedded browser and display a page like the one shown below. This shows a list of every app (service) that has access to your account, and a list of every device your account is logged into – also known as Sessions.
- To revoke access, select the app you don’t want to have access to your account by clicking on it.
- Click ‘Revoke Access’ – usually in red. In the image below, access has already been revoked, hence “undo revoke access”.
As you can tell by now, even though a user may have forgotten about the service over time, the access remains until revoked. One reason to revoke them is that many of these 3rd parties are not as diligent in handling data or as security conscious as Twitter.
I urge you to also look at the Sessions. Perhaps you’re wondering how your ex always knows what you’re up to LOL. You could have logged in on his/her device in the past, and never logged out, and now they can read your messages. So immediately log out sessions you do not recognise by tapping the device and then tapping “Log out of the device shown”.
To log out all sessions bar the one you’re using, tap the “Log out all other sessions” button on the “Apps and Sessions” page. Also, make it a rule to log out all sessions whenever you change your password. This will ensure that every device you have logged in through will be logged out and require the new password to log in.
Note that these concerns cut across all social media platforms that have such features. Keep reading to learn how to manage 3rd party access and sessions on Instagram and LinkedIn.
Third Party Access and Session Management for Instagram
Here are the 3rd party management steps for Instagram:
1. Go to your profile and tap ‘Settings’. A page like the image below will be displayed.
3. Scroll to ‘Apps and Websites’ and select it. You’ll be shown 2 categories, namely Active and Expired.
4. Select ‘Active’ to display the apps and websites that you have granted access to in the past.
5. You can now review this list. If you decide that you do not want these apps and websites to have access to your information and profile, click on the ‘Remove’ button next to the name of the app or website in question. But if you’re okay with the list, press back.
6. For session management, select ‘Security’ in the settings, and go to ‘Login Activity’. This will display all the devices where your account is logged in.
7. After reviewing them, select the ‘Options’ button on the one you want to remove and hit ‘Log out’.
Third Party Access and Session Management for LinkedIn
Lastly, here are the 3rd party management steps for LinkedIn:
- Tap your profile picture at the top left corner of the screen and tap ‘View profile’. On your profile page, select the settings symbol at the top right corner.
- Under the ‘Account’ tab, select ‘Permitted services’.
- Like we have done for Twitter and Instagram, go through the listed services and decide if you want to revoke access or not.
- Select the service in question to view the option to revoke permissions.
- For session management – still within the ‘Account’ tab, select “Where you’re signed in”; which shows your active sessions.
- To log out from a device, scroll to the device in question and tap the ‘End’ button on the far right of the session details.
And that’s basically what you need to know about 3rd party and session management on Twitter, Instagram, and Facebook.
Remember to share this important post with your friends and family because we are responsible for our internet safety and data privacy.
Watch out for Part 2 of this Social Media Security Series.
Samaila Bako is a Cyber Security Awareness Trainer who is passionate about digital forensics, social engineering, and device security. He is a certified ethical hacker who is interested in how emerging technologies like Internet of Things, Cloud and Artificial Intelligence, affect the size and safety of data.
Twitter – @atsen_