Facebook also let dating apps have further access to Graph API back in 2015

On Dec 6, 2018

Two hundred fifty pages of previously secret internal documents from Facebook show that the company allowed even more companies to be “whitelisted”—granting them extended access to the company’s permissive v1.0 Graph API back in 2015—than has previously been known.

In addition, the Wednesday release by a British lawmaker also confirms what Ars previously discovered via a failure to adequately redact public court filings from last year: Facebook once considered charging for access to user data.

The documents, known as the “Six4Three files,” were published by Damian Collins, a member of the UK Parliament. Collins is the chair of the Digital, Culture, Media, and Sport (DCMS) Committee in Parliament, which has been overseeing inquiries into Facebook’s practices. On November 16, the DCMS again asked CEO Mark Zuckerberg to appear before the committee via video; Zuckerberg has given no indication that he will do so.

The files open with a brief summary of what Collins found most interesting in the trove.

The top-line item is the “whitelisting agreements,” of which he writes: “It is not clear that there was any user consent for this, nor how Facebook decided which companies should be whitelisted or not.”

The 2017 redaction failure showed that Facebook gave extended access to Chrysler/Fiat, Lyft, Airbnb, and Netflix, among others—a point that Facebook says Six4Three got wrong. These new documents show that Facebook also whitelisted dating apps Badoo, HotorNot, and Bumble. “The files show evidence of Facebook taking aggressive positions against apps, with the consequence that denying them access to data led to the failure of that business,” Collins concluded.

Finally, a February 2015 email from Facebook engineering manager Mark Tonkelowitz noted that a new Android version of the Facebook app would, seemingly for the first time, include the “read call log” permission. Users would be required to accept the update in order to use the new version of the app. “This is a pretty high-risk thing to do from a PR perspective but it appears that the growth team will charge ahead and do it,” Tonkelowitz wrote to his bosses.

Ashkan Soltani, a technologist formerly with the Federal Trade Commission, who recently testified before the UK Parliament, suggested on Twitter that this disclosure was in violation of Facebook’s consent decree with the FTC.