After a third-party app mined and then sold user information, Facebook has begun cracking down on just what information those apps can use. Two weeks after the Cambridge Analytica scandal broke, Facebook shared several changes to third-party app access and said additional adjustments are in store. The changes come with an updated count of around 87 million Facebook users affected by the Cambridge Analytica data scandal, a number that was originally at “more than” 50 million.
On March 21, Facebook founder and CEO Mark Zuckerberg promised an app investigation and audit, promising to ban any apps that were found to have or abuse excessive amounts of personal data. Now, nearly two months later, the social network is giving us an update on that process. Thus far, “thousands of apps have been investigated and around 200 have been suspended,” Facebook noted. “Where we find evidence that these or other apps did misuse data, we will ban them and notify people via this website. It will show people if they or their friends installed an app that misused data before 2015 — just as we did for Cambridge Analytica.”
That said, there are still many more apps under investigation, the company notes, and alas, several “may have misused people’s Facebook data.” However, the social media giant is promising to invest heavily to ensure that the investigation is “as thorough and timely as possible.”
The investigation isn’t the only measure Facebook has taken to protect its users. As of Monday, April 9, users began seeing an app control link at the top of their News Feed. Clicking the link lets users see what apps they use and the information shared with the apps. Users can remove apps no longer wanted. Facebook will also tell people if their data may have been improperly shared with Cambridge Analytica. Facebook previewed the app information messages with the screen images below.
The changes eliminate access to some features entirely while modifying others. Search tools that allow you to type a phone number or email into the Facebook search bar and find the person associated with that information will be disabled entirely. Facebook says that, while the feature simplified searches with common names and language barriers, the same tool could also be abused to find a name to connect with a phone number or email.
Several other categories see reduced access. Adding a Facebook event to another app will no longer allow that app to access the guest list or posts on the event’s wall. Leaving info about the event intact allows apps to add the event to a calendar, for example, Facebook says.
For Facebook Groups, any app that wants to access group data will now require approval not just from an administrator, but Facebook too. Even when granted access, the names of the profile photos of the group members will be excluded from the data.
Apps that access information from Pages, which are often used for tasks like scheduling posts and responding to messages and comments, will need Facebook’s approval. The network says the apps need a variety of information to provide those tools, but in order to ensure that information is necessary, the network will approve any third-party app first before allowing access to the Pages API.
Requirements for apps using Facebook data as a login are also tightening, with personal details — including political views, relationship status, work history, and others — excluded from the data. Apps requesting to see other data, such as the posts likes and photos, will need to be approved by Facebook. The apps using Facebook Login will also be automatically removed after three months of inactivity on the app.
That call data that surprised Android users will remain an opt-in feature. Those logs will be deleted after one year and will use fewer details, eliminating the time of the call, Facebook says. The tool doesn’t monitor the content of texts or calls, Facebook says.
Instagram’s Platform API depreciation was already scheduled, but Facebook is moving up that timeline with a handful of changes effective immediately. The changes eliminated the ability for apps to get information about follows, followers, relationships, comments and other data.
Updated on May 14: Added news that Facebook has removed 200 apps found to violate data policy.