Google's OpenSocial Could Invite Trouble

Online social networks are locked in a fierce battle to determine who can be the friendliest. Facebook welcomed developers last May to build applications for the site in exchange for revenue. MySpace, Friendster and others soon followed suit. Earlier this month, Google pushed the "everyone is welcome" attitude to its extreme with OpenSocial, a partnership of social networks that will let developers create a common set of applications to be used across many sites.

Now, some Web security analysts are asking: How friendly is too friendly? As social networking sites open to developers, can they keep users' private information closed to prying hackers? An application developed by a third-party developer might be easier to hack than the social networking site on which it runs, says Dan Hubbard, a researcher for the Web security firm Websense.

That could potentially allow an intruder to change a user's profile or access private personal data. OpenSocial's greatest strength could be its greatest weakness: Google (nasdaq: GOOG - news - people ) hopes applications developers will work with OpenSocial technology because they need only write an app once for it to run on many popular sites, including Orkut, MySpace, Friendster and Bebo. But that same scale also makes attacking an OpenSocial application a more attractive proposition for hackers.