Skip to main content

Facebook Admits 100 App Developers Accessed User Data Without Permission

Facebook on a smartphone and a MacBook at the same time.
(Image credit: Alexey Boldin/Shutterstock)

Facebook has once again been forced to acknowledge third-party access to user data.

In a blog post on Tuesday (Nov. 5), Facebook said that approximately 100 app developers had access to personal information of people in groups, including their names and profile pictures, which is in direct conflict with Facebook's own policies. 

The company said in a statement that it's since removed their access to the information, asked them to delete it, and promised to conduct audits to ensure the profile data is gone.

Facebook changed its policy on what developers could access in April 2018, when the scandal surrounding Cambridge Analytica and that company's access to user data to influence elections and political discourse became an even wider and more concerning issue. 

That policy change meant developers that had built apps for Facebook could no longer access personally identifiable information. In groups, specifically, Facebook changed the application programming interface (API) for groups so developers could only see the name of the group and basic information, like the number of people in it.

Apps are added to groups by the groups' administrator, who choose the program and deploys it for anyone in the group to access. Before April 2018, developers had access to personally identifiable information, but after that date, their access was restricted. 

Facebook's acknowledgement on Tuesday means that at least in some cases, the blockade didn't work. Even more concerning, 11 of the developers Facebook has identified actually accessed group member personal information in the past two months.

Facebook didn't mention which apps were accessing user data, but the company did say that they were "primarily social media management and video streaming apps, designed to make it easier for group admins to manage their groups more effectively and help members share videos to their groups."

Facebook didn't formally apologize in its blog post on Tuesday, but did say that it announced the data access as part of its commitment to "more accountability and transparency." The company added that it will likely "find more examples of where we can improve."