contador javascript Skip to content
Contact :

Facebook reveals another serious privacy violation

Up to 100 developers may have had inappropriate access to Facebook users' data due to an oversight in the way permissions were revoked.


The names and profile images of people in certain Groups on the platform, linked to their activity in those Groups, were still accessible to some software developers, even though the company changed access parameters in April 2018, wrote the director of associations of the Facebook platform, Konstantinos Papamiltiadis.

Of the ?Approximately 100 partners? who had retained access to user data through the Groups API in the last 18 months, ?At least 11 members accessed the information of the group members in the last 60 days,? The post said.

The changes were supposed to work as follows:

?Before April 2018, group administrators could authorize an application for a group, which gave the application developer access to group information. But as part of the changes to the Groups API after April 2018, if an administrator authorized this access, that application would only obtain information, such as the name of the group, the number of users and the content of the publications. For an application to access additional information, such as the name and profile picture in relation to the activity of the group, the members of the group had to choose ?.

April 2018, you say? Yes, this was one of the changes made following the Cambridge Analytica revelations in March of last year, as part of the company's promise to clean up its policies and practices around user data and who has access to they.

More recently, in September of this year, Facebook suspended "tens of thousands" of platform applications for unspecified reasons.

Facebook says

That interested developers were asked to remove any information they have withheld and to perform ?audits? to ensure monitoring, the publication did not specify which groups were affected, how many user data were accessed, how many times, or what developers were involved.

And unlike the application suspension news, this disclosure was made on the For Developers blog, not in the most public press room.

Facebook assures users

Or at least the developers, who are aware that "There is no evidence of abuse" of this data. But given this news, it is difficult not to wonder what else they have missed.