Facebook Admits Numerous Devs Had Improper Access To User Data In Groups

Facebook continues to be unable to keep data on its users safe from developers who shouldn't have access to that information. The social network notes that since April of 2018, it has been reviewing the ways that developers can use Facebook to share data with outside companies. Since that time, it has removed or restricted developer APIs like the Groups API, but it has found that 100 developers still accessed this data for longer than it intended.

Facebook's Konstantinos Papamiltiadis wrote in a blog post that Facebook found, as part of an ongoing review, that some apps retained access to group member information, like names and profile pictures, in connection with group activity from the Groups API longer than it had intended. Facebook will be reaching out to "roughly 100" partners who may have accessed this information since it announced restrictions to the Groups API. Papamiltiadis says that Facebook knows that at least 11 of these partners accessed group members' data in the last 60 days.

Facebook says that it has seen no evidence of abuse, but it will ask the partners to delete any member data they have retained. The social network will also conduct audits to determine that the data has indeed been deleted. The developers who continued to access the group's information were primarily social media management and video streaming apps designed to make it easier for group admins to manage groups and to help members share videos.

Facebook's new framework for accessing group information is part of its agreement with the FTC, which also included more accountability and transparency into how it builds and maintains products. The company notes that it expects to find more places where it can improve as it continues to work through the framework. Facebook's framework doesn't seem to be working as intended. In September, Facebook had another major security flaw that exposed the phone numbers of over 400 million users.
