Tuesday, September 8, 2009
FanCheck Developer Defends App, Says It's Not Malware
Malicious hackers are trying to capitalize on insistent rumors that FanCheck infects users' PCs with viruses, Facebook and security company Sophos are warning. These hackers are setting up malware-infested Web sites that falsely claim to remove FanCheck viruses.
When concerned Facebook members use search engines to find antivirus information about FanCheck, they are getting search results that point to these malicious sites, where they are tricked into downloading fake and malicious antivirus software.
"FanCheck is NOT a malicious app. Unfortunately, some malicious developers have been spreading a lie that it is -- and encouraging people to download fake virus scanning software, which damages their computer. This is very unfortunate, but it has nothing to do with us," said Arulkumarasan, who describes himself as a Hong Kong-based entrepreneur.
Facebook has reviewed the application and hasn't found it to contain malware, according to a Facebook spokesman.
Arulkumarasan launched the application in late July, initially calling it StalkerCheck, a name Facebook asked him to change.
Since then, it has become very popular, although the popularity seems to be waning, maybe due to the controversy surrounding it. Earlier on Tuesday, the FanCheck page on Facebook stated it had more than 12.5 million monthly active users, but late in the afternoon that number had dropped to 6.4 million.
It has been reviewed almost 6,000 times and received a low average rating of 1.6 stars out of a possible five stars. Many Facebook members have left messages in the application's page complaining that FanCheck disrupted their Facebook profiles and their PCs as well.
The developer challenges these accusations. "In general, applications can never damage your profile or PC unless they ask you to install something on your computer. FanCheck does not, and never has asked people to install anything on their computer, although it did require Adobe Flash to work," Arulkumarasan said.
Some of the initial interest in the application may have stemmed from the incorrect belief that FanCheck would allow people to create logs of who visited their Facebook profile and what they viewed there.
In fact, Facebook makes it impossible for applications and users to gather this type of passive-browsing information. Facebook members can't know who has silently viewed their pages, photos, videos and other content they have posted.
The misperception that FanCheck could uncover this type of data led Facebook to ask Arulkumarasan to make the application's description clearer, the Facebook spokesman said.
According to Arulkumarasan, FanCheck calculates who are your biggest Facebook fans -- previously "stalkers" -- by counting the number of times they interact with your profile, by writing on your wall, posting comments, "liking" posts and so on.
"[It] then ranks friends in order of how often they interact with your profile. It does NOT measure page views, photo views or anything which doesn't involve a wall post -- so simply viewing someone's profile won't get you on the list," Arulkumarasan said.
The developer had to take FanCheck offline for several days because it became "too popular, too quickly" and he couldn't afford the bandwidth charges. "The application jumped by a million fans in two days, and my costs rose to nearly US$1,000 per day," he said.
Arulkumarasan re-activated the application on Tuesday afternoon, after tweaking it to make it less costly to run by using HTML instead of Flash. It may have some bugs, but he expects those to be ironed out within 24 hours.
"Facebook has never asked me to take the application down," Arulkumarasan said.
He also defended the notifications generated from the application and said they comply with Facebook's guidelines.
FanCheck users can tag friends in their "fan" list, so that a thumbnail image of the screenshot gets posted to their tagged friends' profiles along with a link inviting them to install the application. A thumbnail image is also broadcast to the friends of those tagged friends.
At first glance, this seems like the type of spammy and confusing application-notification method that Facebook has tried to eradicate. Not so, said Arulkumarasan.
"When I first launched the application, a large number of users started taking screenshots of their fan list, and manually tagging their friends. A lot of users don't know how to do this on their computers, so a few days ago -- Sunday I think -- I decided to make it an optional, one-click button," he said. "We never forced users to share and tag photos, and we never did anything without their permission. We simply made it easier to do something that users were already doing."
"I should also note that tagging photos using applications is NOT against Facebook terms," he added.
Facebook hasn't had a chance to do a full investigation on the way the application sends notifications to users because that functionality was added shortly before the developer took down the application, the Facebook spokesman said.
Arulkumarasan said he temporarily removed the "share this as a photo" button because it makes the application grow too quickly, along with bandwidth costs, but he expects to restore it soon.
The developer said he studied economics at Cambridge University in the U.K. and then worked at an investment bank before deciding to strike out on his own.
"I'm not a very experienced programmer, but I chose the Web as a good place to start a business, because startup costs are relatively low," he said.