Facebook Exposes User Data To Apps Developers

Since broad security measures were put in place last year, Facebook might have mistakenly allowed as many as 100 app developers to access user information without their explicit consent.

“These were primarily social media management and video streaming apps, designed to make it easier for group admins to manage their groups more effectively and help members share videos to their groups,” according to Konstantinos Papamiltiadis, director of platform partnerships at Facebook.

Per Papamiltiadis, at least 11 partner developers accessed group members’ information in the last 60 days. 

Currently, Papamiltiadis and his team have no evidence to suggest that the exposed data was exploited by developers, but that might not be enough to reassure concerned users and privacy advocates.  

Since April of 2018, Facebook has been reviewing the ways users can share data with outside companies. 

As part of that review, the tech titan has removed or restricted a number of developer APIs, including the Groups API, which provides an interface between Facebook and apps that can integrate with a group.

Before the change, group administrators could authorize an app for a group, which gave the app developer access to information in the group. 

After the change, if an admin authorized such access, apps would only get select information, such as the group’s name, the number of users, and the content of posts. 

As part of its ongoing review, Facebook recently found that some apps retained access to group member information, like names and profile pictures in connection with group activity, from the Groups API, for longer than was intended. 

The issue is just the latest example of Facebook cleaning up the wreckage of past mistakes. 

Late last month, the company agreed to pay a $643,000 fine in the United Kingdom to settle an investigation into Cambridge Analytica.

The settlement ended a probe started by the Information Commissioner’s Office in 2017, shortly after it emerged that Cambridge Analytica had obtained the personal information of up to 87 million Facebook users.

Next story loading loading..