Facebook found that some apps from approximately 100 third-party developers, retained access to group and member data, although it has removed or restricted a number of their developer APIs, such as the Groups API, providing an interface between Facebook and apps that can integrate with a group.
Facebook has been changing the ways that people can use Facebook to share data with outside companies since April 2018, after they detected data breaches linked with their APIs. According to the blog post of Facebook’s Konstantinos Papamiltiadis, Director of Platform Partnerships, while the ongoing review and changes continue since this date, the social media platform revealed that some apps retained access to group member information, like names and profile pictures in connection with group activity, from the Groups API, for longer than they intended.
Facebook’s new framework requires more transparency
Since April 2018, to prevent data breaches through APIs, Facebook doesn’t allow access to the developer to information in the group.
Konstantinos Papamiltiadis, Facebook Director of Platform Partnerships;
Today we are also reaching out to roughly 100 partners who may have accessed this information since we announced restrictions to the Groups API, although it’s likely that the number that actually did is smaller and decreased over time. We know at least 11 partners accessed group members’ information in the last 60 days. Although we’ve seen no evidence of abuse, we will ask them to delete any member data they may have retained and we will conduct audits to confirm that it has been deleted.
He gave an example:
If a business managed a large community consisting of many members across multiple groups, they could use a social media management app to provide customer service, including customized responses, at scale. But while this access provided benefits to people and groups on Facebook, we made the decision to remove it and are following through on that approach.
Facebook’s new framework under agreement with the Federal Trade Commission (FTC) is required more accountability and transparency into how they build and maintain products and services for factors such as data breach, privacy adherence, etc.
Stay tuned for up-to-date Cyber Security News