How Gyft Stole My Personal InformationDecember 19th, 2012
I’m going to start off this article by warning people, DO NOT SIGN UP FOR GYFT! Do NOT install it on your phone! Why? Because they will steal your information and you can’t do anything to stop it. Gyft is an app that is supposed to allow you to easily trade/exchange gift cards to stores for other stores, but their shady business practices make me want to NEVER give them access to anything worth any real world value.
The Android version of Gyft launched the other day, so I downloaded it to check it out. Upon first launch, it asks you to sign in with your Facebook account. So, I did so. Upon trying to log in, I was presented with an error message. Apparently their servers were swamped since it was launch day. I assume nothing worked, since I never got any confirmation or was presenting with any terms of service or anything, so I uninstall the app and say screw it.
An hour or so later, I received an SMS spam message from them asking to click a link and confirm my number (I did NOT click this link). My first though was WTF? I NEVER authorized them to harvest my phone number! It really pissed me off that they just ganked my phone number and I had no idea. I never gave them permission to take it or use it for ANYTHING. I reported the app to the Google Play Store at this point.
Then a few days later, and the reason I am writing this, I learned that they also apparently pillaged my Facebook information and saved it all. Even though I unlinked the app from Facebook with in minutes of deleting the app from my phone, it was apparently too late. I received an email today reminding me that one of my Facebook friend’s birthdays is coming up. Another big WTF from me! I never authorized the pilfering of my (nor my friends) data. Plus, I had already unlinked Gyft. Upon removal, Gyft SHOULD have to delete the data they collected from me, but that is obviously not the case. So, Facebook friends, sorry about that. All I hope is that they don’t spam you too. Who knows how much information they were able to harvest.
I will give them some credit in that they deleted my account today within 5 minutes of me sending them the email request. At least they got that right (although I am sure all of my information, including Facebook data, is still in their system).
Lesson learned here; pay attention to the apps you install and realize any time you sign in to an app or webpage with your Facebook account, they collect and store all of your information, even if you unlink the app or website, and they will likely keep it forever!