Facebook admits 100 third-party developers access to user information
Facebook has revealed that around 100 software partners or simply developers had unauthorized access to user information. This was discovered when the social media giant was conducting a review of the data it shares with its software partners.
In Facebook’s developer blog, it was announced that the company had removed and restricted several of its developer APIs owing to concern over partners getting access to data more than intended. The Groups API that acted as an interface between Facebook and apps with groups was changed back in April 2018. Before that, the groups were allowed to authorize an app to a group. Since the changes were made, if group admins authorized access, the app would receive information including the group’s name, number of users, and the content in the posts.
However, in a recent audit, Facebook found that some of the developers managed to retain access to user information from the groups despite of the changes. This included names and profile pictures related to group activity. Access was retained by these developers longer than Facebook intended and now it has been removed.
About 100 developers had access to the information since the changes were announced to the Groups API, and at least 11 of them accessed the data in the last 60 days. The company says that there wasn’t any evidence of abuse and it will conduct more audits to confirm whether the developers have deleted the data.
Facebook says it involved social media management and video streaming apps which were primarily used by group admins to manage the groups.