Why Facebook should Police their API

For years we have been warned to be careful about what we install or even what we click on Facebook, but as malware on the social network runs rampant, don’t you think it’s time we demand that Facebook pay attention? The malware issue on Facebook is a much bigger problem than they lead us to believe because it strikes at the very foundations of their established ecosystem.
If you woke up this week to dozens of posts on your Facebook wall asking you to watch some gruesome video of Osama Bin Laden being killed, then you are not alone. Millions of people have been affected by it in the last few days since Bin Laden’s assassination by Monday night, yet it took Facebook two more days to remove it from their network.
This is not the first time malware has taken over the social network; in fact, this sort of thing is a daily occurrence. Facebook is completely crawling with malware, and right now, as you read this, hundreds more malicious apps are coming to life in the Facebook ecosystem.
Malware on Facebook generally relies either on exploiting a vulnerability in the website’s security (Bin Laden) or, more commonly, on simply posing as a legitimate app. It has reached a point on Facebook where all apps can be perceived as malware or spam until proven otherwise, one of the most popular examples being “Who is viewing my profile” apps.
Why is it so difficult for Facebook to keep its hands on the network? When it comes to malware exploiting vulnerabilities in Facebook’s code, those types of problems should be fixable by simply patching the vulnerability, but the problem is more difficult for malware apps. The answer lies in Facebook’s core strategy to expand and grow their influence on the web.
Facebook believes that they need to build a platform on which every other service depends for the social graph, user details and promotion. For this reason, Facebook has opened up the gates to the city and allowed anyone with a keyboard to spawn applications into its ecosystem. In other words, anyone with bad intentions and a bit of code can slap together an app that gives them full access to your Facebook profile just by disguising it as something innocent.
My personal advice would be that you should simply not use any 3rd party apps on Facebook. There are a very small number of apps that really serve a useful function but the vast majority of them are malicious. Would you give strangers on the street a key to your house? Then why do you allow strangers to have full access to your Facebook profile?
This is a huge problem for Facebook and spells bad news for you, the general user. Essentially, until Facebook becomes more Steve-Jobs-like about their API and who they allow to have access to it, malware and spammy apps will always be in their system.
Please Note: We need to emphasise that the Bin Laden malware did not make use of the Facebook API to spread; it exploited a security vulnerability in Facebook.