Facebook Admits Another Developer Privacy Snafu

Facebook has revealed yet another incident where third-party developers may have been allowed too much access to user data.

In this case, names, profile pictures and other information relating to members of Facebook groups may have been accessed improperly by as many as 100 developer ‘partners’ of the social network.

“We know at least 11 partners accessed group members’ information in the last 60 days,” said Facebook director of developer platforms and programs, Konstantinos Papamiltiadis.

“Although we’ve seen no evidence of abuse, we will ask them to delete any member data they may have retained and we will conduct audits to confirm that it has been deleted.”

The snafu relates to a Groups API that Facebook restricted as part of its efforts in April last year to clamp down on data sharing with third parties, in the wake of the Cambridge Analytica scandal.

“Before April 2018, group admins could authorize an app for a group, which gave the app developer access to information in the group,” said Papamiltiadis.

“As part of the changes to the Groups API after April 2018, if an admin authorized this access, that app would only get information, such as the group’s name, the number of users, and the content of posts. For an app to access additional information such as name and profile picture in connection with group activity, group members had to opt-in.”

Unfortunately, the social network subsequently discovered that some apps/developers retained access to this additional information “for longer than intended.”

These have now been removed as part ..

Support the originator by clicking the read the rest link below.