Facebook confesses improperly administered limit gave developers unauthorized access to user data
The social media giant has now revealed that due to a problem with how this policy was implemented, a good many developers continued to receive updates to user information well after their rights had expired.
For instance, if someone had invited their friend to use a fitness app and later stopped using it, Facebook failed to recognize that they had become inactive if the friend was still active on the app.
The 5,000 figure for developers is an estimate and the actual figure could very well be higher. It’s not known how many users were affected and what kind of information was siphoned off, but the firm has given the example of gender and language. The company does assure that developers were only able to see data for which permission was previously granted by users.
"From the last several months of data we have available, we currently estimate this issue enabled approximately 5,000 developers to continue receiving information — for example, language or gender — beyond 90 days of inactivity as recognized by our systems."
The issue has now been fixed.
Facebook has cleverly put part of the responsibility on developers, saying they have as much of a role as Facebook in safeguarding people’s data. The company has now come up with new Platform Terms and Developer Policies which will limit the data developers can forward to third parties without first obtaining explicit consent from users. The policy also outlines when the data that developers hold on people must be deleted.