On November 6, the first application launched under Google's OpenSocial API program was hacked. Hackers can use it to modify user profiles.
According to foreign media reports, this application was developed by the third-party developer RockYou and runs on the Plaxo social network. It enables Plaxo members to update and synchronize Microsoft Outlook, Mozilla Thunderbird, Mac OS X calendar and address book.
A developer nicknamed "harmonyguy" reported a defect in the RockYou "emoticons" application to John, vice president of marketing at Plaxo. This defect allowed harmonyguy to add emojis to John's user profile on Plaxo without obtaining user consent.
After harmonyguy found this defect, Plaxo disabled the application. John wrote in his Plaxo blog last Friday: "We have temporarily disabled the application due to some defects found today. We apologize for any inconvenience. We just started to try to open our network, so it is normal to have an accident."
Last week, Google announced a plan to allow many social network sites to use its OpenSocial API. OpenSocial standardizes the APIs of many different social network sites, allowing third-party developers to develop applications that can access user profiles.
Plaxo is only one of the many companies that have joined Google's OpenSocial API program. Companies that join the program also include Engage.com, Friendster, LinkedIn, MySpace, Oracle, orkut, Plaxo, and Salesforce.com.
Harmonyguy said that although some third-party Facebook applications such as SuperPoke have been hacked, Facebook's platform makes it difficult to modify user profiles.
Although modifying emojis is not a malicious attack event, Harmonyguy warned that if Google cannot ensure the security of its platform, more destructive attacks may occur in the future.