- The app is supposed to help manage Facebook ad pages, but is likely a backdoor into user accounts.
- It’s readily available on Apple’s App Store, showing up in searches for Facebook ad tools.
- A user who was locked out of accounts said that Facebook has almost no customer support. “Facebook sucks.”
A search for “Manage Facebook Pages” in Apple’s app store will turn up several legitimate apps to help people and advertising agencies manage ads on the platform. The results also show a new app that looks legit but isn’t. The app is supposed to be a backdoor for a hacker to take full control of a user’s accounts.
The Pages Manager Suite app is the second result in Apple’s app store when you search for a Facebook ad manager, two ad agency sources told Insider, which confirmed this through its own search. Both agency sources were locked out of their accounts after using the app, while hackers began serving ads through the accounts and using their budgets.
2022 Meta Inc. is listed as the company for the app (Facebook changed its corporate name to Meta Platforms last year). And the app developer is listed as Bronzelab SG Ltd which has no online presence. The app’s listed seller is VI DO CO., LTD, which a search of registered companies shows is associated with numerous entities registered in Vietnam. Facebook last year sued a number of people and entities in the country for participating in a hacking ring, saying they had covered $16 million in advertising costs.
A company representative did not respond to a request for comment at the time of publication.
Apple prides itself on its app store as safe and says it “provides layers of protection to ensure apps are free of known malware and haven’t been compromised,” according to support site. A company spokesperson said the app in question was initially submitted as a simple document manager without Facebook functionality, but its functionality changed after it was listed on the app store. After Insider’s investigation into the app, Apple removed it from the store.
Apple has long maintained that it allows only the best apps into its app store, the only place where the estimated 900 million active iPhone users can access and download apps. Yet, analysis last year by the Washington Post estimated that up to 2% of Apple’s most popular apps were scams.
A leader at an independent advertising agency said they downloaded the Pages Manager app two weeks ago, believing it would help them serve Facebook ads from their phone. Within 10 minutes, the person had lost all access to their personal Facebook account and several accounts that worked for clients. All emails and passwords were changed and account recovery was impossible as passwords were sent to new emails, possibly controlled by hackers. The only way to access online customer support, the person said, is to be logged into an account.
“It’s infuriating and a nightmare,” they said. The person, who has been running Facebook ads for several years, remains locked out of their work accounts. They were able to regain access to their personal account after personally emailing a Facebook manager and asking for help.
Advertising accounts for the vast majority of Facebook’s nearly $120 billion in annual revenue, yet it has no immediate customer service support for customers who can’t access their accounts. The Facebook Ads Reddit page has had dozens of posts in recent months from ad managers who say they’ve been hacked and received little to no support from the platform.
“They have a number you can call,” the agency chief said. But after being directed to select a number for Facebook or Instagram, a caller is simply told no phone support is available and disconnected. “If you have a problem at Google, they’ll talk to you. At Amazon, they talk to you.”
If the person could find an alternative to Facebook, they would, but for now, none is available. “Facebook sucks, but they kind of have the market locked up.”
Are you a Facebook employee or someone with knowledge to share? Contact Kali Hays at email@example.com in our secure messaging app signal at 949-280-0267 or via Twitter DM @hayskali. Reach out using a broken device.