Facebook flaw let 5,000 developers gather personal data
Facebook claims to have mistakenly allowed 5,000 developers to collect information from people’s profiles after a time limit for their rights had expired.
Facebook apps shouldn’t access people’s personal data if the app isn’t used for 90 days.
But Facebook claimed that the blockage didn’t always work due to a flaw in the way it recorded downtime.
“We fixed the problem the day after we found it,” said the company.
Facebook has not stated how many users have deleted their personal data.
The collection of personal information of Facebook users by third-party apps was at the center of the Cambridge Analytica privacy scandal that was exposed in 2018.
The Cambridge Analytica Facebook app collected not only the data of the people who interacted with it, but also the data of the friends who did not give consent. The company created a large and profitable database in the process.
- The Cambridge Analytica story
- Zuckerberg promises Facebook “focused on privacy”
Facebook CEO Mark Zuckerberg addressed questions before the U.S. Congress on how his company handled users’ personal information, and Facebook introduced its new 90-day app blocking policy at the end of that year.
But Facebook now says the limit hasn’t worked properly.
“Recently, we found that in some cases, apps continued to receive data that people had previously authorized, even though it appeared that they hadn’t used the app in the past 90 days,” the company said in a statement.
Facebook provided an example of the error in action. He said that if two Facebook friends had both used an app and only one was still using it after 90 days, the app could collect personal information from the inactive friend.
“For example, this could happen if someone used a fitness app to invite their friends for a workout, but we didn’t realize that some of their friends had been inactive for many months,” said the company.
In that example, a user’s hometown would be the personal information in question. Facebook cited language and gender as other examples.
The company said its estimated 5,000 developers were based only on available data from the past few months.
But he also said that the information provided, although after the time limit, was just what users gave permission for when they signed up for the app in the first place.
In the same blog post, Facebook also announced that it was changing the terms of its platform and developer policies “to ensure that companies and developers clearly understood their responsibility to safeguard data and respect people’s privacy.”
The incorrect time limit in this announcement is the most recent of a long series of privacy issues for the social network.
In November last year, a flaw in the Facebook Groups feature was revealed. It allowed the collection of some personal data from groups.
Figures announced in January showed that Facebook’s annual profit declined in 2019, for the first time five years, in part due to agreements with privacy regulators.