tech

Facebook admits it gave user data to third-party developers improperly, and this is not the first time

If a user has been inactive on an app for 90 days, the app in question should stop receiving user data. However, Facebook has failed to maintain this timeline for certain apps. 

Facebook said that for a certain number of users, they did not specify a number, it had failed to cut off this data flow 90 days after the person last used the app.
Facebook said that for a certain number of users, they did not specify a number, it had failed to cut off this data flow 90 days after the person last used the app. (Pixabay)

Facebook has been giving user data to third-party developers improperly, despite promising its users that it was not going to happen. The social media platform admitted in a blog post that thousands of developers were receiving users’ non-public information as updates even after it should have ideally stopped.

Facebook said that for a certain number of users, they did not specify a number, it had failed to cut off this data flow 90 days after the person last used the app. The platform had promised in 2018 that no third-party developer would receive any data post a 90-day period after a user last used the app.

The blog post states that the user data that went out includes email addresses, birthdays, language preference and gender and this information was sent to about 5,000 apps post the 90-day cut-off time.

Facebook’s vice president of platform partnership Konstantinos Papamiltiadis wrote in the blog that they had discovered instances of apps still receiving user data though it had not been used in 90 days. Papamiltiadis gave the example of users using a fitness app to invite friends to a workout and said that the platform failed to recognise that some of these friends had not been ‘active’ on the app for months.

Facebook did not indicate how recently they discovered this error though.

More importantly, this is not the first time Facebook has given third-party developers improper access to users’ data. Late last year, Papamiltiadis had written another blog post talking about a similar situation.

The post published on November 6, 2019 noted that some apps were retaining access to group member information, like names and profile pictures in connection with group activity from the Groups API. At least 11 apps had accessed group members’ information in the last two months, Papamiltiadis had written then.

But this is not it. In 2018, Papamiltiadis had to explain why certain third-party companies were given troubling amounts of access to Facebook users’ data and had then assured all users that the platform was working to fix this.

Clearly, Facebook really needs to get its act together as far as protecting user data is concerned.