Facebook will limit developers’ access to account data

In the wake of the Cambridge Analytica scandal, Facebook has announced further limits it’ll be placing on apps that gain access to your account. Developers will now receive less information in the first place, they’ll be cut off from access when people stop using their app, and they’ll have to get Facebook’s approval to access more detailed information.

By default, developers using Facebook Login will now receive only a user’s name, profile photo, and email address when someone signs in through Facebook. Further information, such as their Facebook posts, will require the developer to receive permission from Facebook. It’s not clear how robust a process this will be (they’ll have to “sign a contract”), and it’s not clear if Facebook intends to run audits to ensure compliance with privacy measures — as it failed to in the Cambridge Analytica situation — but it’s a start to preventing user data from being needlessly spread around.

Cutting off access helps. As for signing a contract...

Additionally, Facebook will now cut off apps’ access to an account’s data when that person hasn’t used the app for three months. This is a helpful change from a user’s perspective, as many people have realized in recent days that they’ve allowed hundreds, if not thousands, of apps to remain connected to their Facebook accounts, potentially collecting data.

The changes were announced in a Facebook post today by Mark Zuckerberg, who until now has remained silent about the data scandal. His post also outlines additional steps Facebook plans to take to ensure users are aware of what’s happening with their data. Within the next month, Facebook will place a tool at the top of the News Feed that gives people a way to disable apps. The company also plans to “investigate all apps that had access to large amounts” in the past, to ensure nothing was abused, and to tell users if it’s discovered that their data was mishandled.

To do that, Facebook says it will look for “suspicious activity” among the companies it investigates and “conduct a full audit” of them; if they decline the audit, they’ll be banned from Facebook. Developers that misused “personally identifiable information” will also be banned. The investigation applies to developers who were on the platform during or before 2014, when Facebook made a change that limited how much data they had access to. Before that change, developers could access data from a user’s friends, even though those friends may not have granted the app access. That’s how Cambridge Analytica was able to obtain information on 50 million accounts, despite starting with fewer than 300,000 users.

Facebook also intends to expand its bug bounty program to include misuse of data in third-party apps, which isn’t something typically found in this type of program.

Facebook says additional changes will be announced in the “coming weeks,” and that it intends to accelerate other data protection efforts it was already working on. Some of those, it says, were in response to forthcoming data protection rules in the European Union.