Facebook admits to another damning data flaw

By Samuel Mungadze, Africa editor
Johannesburg, 03 Jul 2020

Social media company Facebook says it has fixed a flaw that allowed close to 5 000 third-party app developers to collect users’ personal information after authorised access to the data had expired.

Facebook says in some instances apps continued to receive the data that people had previously authorised, “even if it appeared they hadn’t used the app in the last 90 days”.

The latest incident comes amid growing concerns about Facebook’s ability to safeguard user data.

Facebook has been under intense global scrutiny over data issues since disclosing in 2018 that a third-party quiz distributed on Facebook gathered profile information on 87 million users globally and sold the data to consulting firm Cambridge Analytica.

In a blog, Facebook’s VP of platform partnerships, Konstantinos Papamiltiadis, wrote: “We currently estimate this issue enabled approximately 5 000 developers to continue receiving information – for example, language or gender – beyond 90 days of inactivity as recognised by our systems.

“We haven’t seen evidence that this issue resulted in sharing information that was inconsistent with the permissions people gave when they logged in using Facebook.

“We fixed the issue the day after we found it. We’ll keep investigating and will continue to prioritise transparency around any major updates.”

Papamiltiadis says Facebook has since introduced new terms and policies to limit the information developers can share with third parties without user consent and to clarify when data must be deleted.

“As part of our efforts to provide developers with clearer guidance around data usage and sharing…we’re also introducing new platform terms and developer policies to ensure businesses and developers clearly understand their responsibility to safeguard data and respect people’s privacy when using our platform,” he says.

“These new terms limit the information developers can share with third-parties without explicit consent from people. They also strengthen data security requirements and clarify when developers must delete data.”