What will happen on the side of the user? Examples ofdiversion permits for the purpose of stealing personal data.send me email. Network applicationssocial turn in "clouds", which means they use theirown cloud (Facebook applications are not developed byFacebook unless otherwise stated). It is impossible to control the futuredata once in the cloud. This means that the addressese can fall into the hands of spammers. Facebookoffers users the ability to hide their real email addressand to use one that is temporary for each application. However,this option is not enabled by default and is intended to block futurewaves of spam, when the user has deleted an application or aflagged as generating spam.access my basic information. With e-mail addresses,basic information can help the user to spammerscreate customized messages that exploit the tastes, the centersinterest, etc ... expressed by the user. Both of these permissions can beabusive, but they are required to operate manylegitimate applications that need to be able to identify with certainty theusers to stay in communication with them.Manage my pages. This authorization can be a dangerous tool inthe wrong hands because it allows to recover the administrative rightspages that the user operates. Consequently, the misapplicationhaving requested permission can start posting messagesautomatic (in appearance from the legitimate user) on anypage run by the victim.Post on my wall. The applications will use this fakepermission to flood the wall of the user and those of his friends withunwanted content it broadcasts. Legitimate applications will usepermission to display the information interesting or usefulthe user has specifically agreed to receive and read (Statisticsfor example).access my data at all times. This authorization mayenable application developers to send fake messagesat the right time, without risk of them deleted by the account holder.When such permission is not requested, the application can interactwith the user's account when it is connected. InGenerally, unless the application is a game, users willconnected for a short time. If the application can access anywhen the user data as soon as the initial content was harmlessensured a wide audience, it will be easier to the creator of the applicationintroduce harmful content, when his actions can notnot be noticed by the user.As an application can request a fixed set of permissions,the challenge for the user to find a way to distinguish goodapplications bad.A solution for the user to carefully consider whatpromises to provide the application and the degree of plausibility from the promise("Find out who has viewed your profile", "My very first status on Facebook"for example, are viable baits rigged for applications).A simple Internet search can dispel doubts about the legitimacyan application.