Facebook cracks down on platform abuse

By Kirsten Doyle, ITWeb contributor.
Johannesburg, 29 Mar 2018

In the aftermath of the Cambridge Analytica data misuse scandal, Facebook says it is "cracking down on platform abuse" and making some changes to its app platform, as well as improvements to its official bug bounty programme that will reward security researchers who root out third-party Facebook apps that misuse user data.

Ime Archibong, VP of Partnerships at Facebook, said in a Developer News blog post: "Facebook's bug bounty programme will expand so that people can also report to us if they find misuses of data by app developers. We are beginning work on this and will have more details as we finalise the programme updates in the coming weeks."

The expanded bug bounty programme rules are one of several measures Facebook announced this week.

App reviews paused

Immediately following the Cambridge Analytica scandal, the social media giant paused all third-party app reviews on the platform, pending changes to its app permissions to prevent any user data misuse going forward.

It also said that any app requesting access to a user's Facebook friends list will be subject to a manual review, during which its engineers will weigh up whether the app actually uses this data inside its code, and therefore whether requesting this permission from the user is legitimate.

Archibong also said Facebook will investigate all apps that had access to large amounts of information before it changed its platform in 2014 to reduce data access, and that the company is conducting a full audit of any app with suspicious activity.

Abusers to be banned

He added that the network will also inform all users who installed apps that misused their data, and said app developers whose apps misused or shared user data will be banned from the platform.

In addition, he said Facebook will prevent unused apps from accessing user data, and going forward, will strongly advise users to review the apps they've given permission to access their Facebook profile data, in order to raise awareness. Facebook will also turn off an app's access to user data if the app hasn't been used in the last three months.

An open inquiry

This isn't the end of Facebook's woes, however. The US Federal Trade Commission issued a statement saying it has an open inquiry into Facebook's privacy practices.

The FTC said it is totally committed to using all of its measures to protect the privacy of consumers, and will initiate enforcement action against organisations that fail to honour their privacy promises.

"Companies who have settled previous FTC actions must also comply with FTC order provisions imposing privacy and data security requirements. Accordingly, the FTC takes very seriously recent press reports raising substantial concerns about the privacy practices of Facebook. Today, the FTC is confirming that it has an open non-public investigation into these practices."

A turning point

Ilia Kolochenko, CEO of High-Tech Bridge, says: "This is an exciting shift in the bug bounty industry, which till now has focused on security vulnerabilities. Facebook is the first major company that is asking for researchers to identify data privacy issues. With the General Data Protection Regulation coming into force in a couple of months, data privacy is now high on many organisations' agendas."

Kolochenko says Facebook has shown the impact of a data privacy breach, and this may drive other organisations to seek security researchers' help to avoid severe sanctions in the event of a privacy violation. "Bounty payments for privacy issues is a very good idea as companies can leverage the crowd."