Data privacy, data security and Facebook just don’t seem to be on the same page. At least, they haven’t been on the same page for a while now. The popular social network has admitted that more than 100 developers may have had unauthorized access to user information in Facebook Groups—this includes names and profile pictures, group activity and some amount of individual member information. This is a surprise considering Facebook had apparently closed off the Groups API last year, as a part of a series of moves to make data more secure after the Cambridge Analytica scandal. But the thing is, Facebook isn’t even sure if it is 100 developers. It insists the number could be less. But well, the number could be more too. Whatever the case, Facebook now insists that the stream of data has been completely cut off.
Facebook has not disclosed the names of the developers who may have continued to access this data. Facebook also doesn’t seem to have any clue about whether these developers were actively monitoring that data or whether it was an inadvertent mistake, and what they may have done with that user data that was shared without user consent.
“As part of our ongoing review, we recently found that some apps retained access to group member information, like names and profile pictures in connection with group activity, from the Groups API, for longer than we intended. We have since removed their access. Today we are also reaching out to roughly 100 partners who may have accessed this information since we announced restrictions to the Groups API, although it's likely that the number that actually did is smaller and decreased over time,” writes Konstantinos Papamiltiadis, Director, Platform Partnerships at Facebook, in an official post.
Over the past year and a bit more, Facebook made changes to the Groups API on the platform to make user data more secure. In April 2018, Facebook added new rules that required developers on the platform to get approval from Facebook before using the Groups API. The system was updated in July in the same year with new additions that Facebook insisted allowed it to monitor the process better.
Incidentally, this access of data has been going on till the not too recent past. “We know at least 11 partners accessed group members’ information in the last 60 days,” writes Papamiltiadis. Facebook allows Group administrators can use third-party tools to manage their groups and in the process give certain third-party apps information about the group’s users and activity. One of the changes last year was specifically designed to ensure that these developers are unable to see or access Groups’ members names, profile photos or other profile data.
Comments
0 comment