
Facebook says 100 app developers improperly retained access to user data

Under a change to the company’s Group API settings, software developers should have lost access to the data in question

In a blog post on Tuesday, Facebook disclosed that as many as 100 app developers retained data from user groups on the platform. 

Facebook changed its Group API settings in the wake of the Cambridge Analytica scandal to ensure that developers could only see basic information when an administrator authorizes an app for a specific Group. Before the change was implemented, developers could see member names and profile pictures.

However, the company said it recently became aware that some software developers kept access to member names and profile pictures after the change went into effect. 

“As part of our ongoing review, we recently found that some apps retained access to group member information, like names and profile pictures in connection with group activity, from the Groups API, for longer than we intended,” the company said. 

Developers contacted

In addition to removing their access, Facebook said it’s also in the process of contacting the developer partners who may have improperly accessed user information. 

Facebook said at least 11 partners accessed group members’ information in the last 60 days, but the company did not provide an estimate of how many users were impacted by the breach of privacy. 

“Although we’ve seen no evidence of abuse, we will ask them to delete any member data they may have retained and we will conduct audits to confirm that it has been deleted,” the company added. 

App developer crackdown

Facebook has been imposing stricter privacy practices following the 2018 Cambridge Analytica scandal, in which 87 million users had their personal data wrongly shared with the political consulting firm. 

Last month, Facebook announced that it suspended “tens of thousands” of apps based on how many users they had and how much data they could access. The company said the action was part of a larger “App Developer Investigation” and noted that the apps suspended did not necessarily pose a threat to users. 

In July, Facebook agreed to pay a $5 billion settlement with the Federal Trade Commission (FTC) over its handling of user data in the Cambridge Analytica scandal. 

“We aim to maintain a high standard of security on our platform and to treat our developers fairly,” Facebook said in its most recent announcement. “As we've said in the past, the new framework under our agreement with the FTC means more accountability and transparency into how we build and maintain products.”

“As we continue to work through this process we expect to find more examples of where we can improve, either through our products or changing how data is accessed. We are committed to this work and supporting the people on our platform.”
