- Facebook on Wednesday admitted wrongly sharing users' data with third-party developers
- revealed that developers continued to receive non-public information about users way longer than they should have.
- Facebook had fixed the issue the day it was discovered.
Facebook on Wednesday admitted wrongly sharing users' data with third-party developers. In a blog post, the company revealed that developers continued to receive non-public information about users way longer than they should have.
Facebook's post states that 5000 third-party app developers continued to receive information about users who had used Facebook to sign in to other apps despite users not using the app for the past 90 days. As per Facebook policies, third-party apps will not receive information about a user if they had not opened the app in the last days. But contrary to Facebook's policies, developers continued receiving users' data irrespective of the fact whether they used the app or not
The company, however, didn't receive the number of users whose information was shared with third-party apps. It just revealed personal information including addresses, birthdays, gender, or language spoken was wrongly shared with the apps.
"We discovered that in some instances apps continued to receive the data that people had previously authorized, even if it appeared they hadn't used the app in the last 90 days. For example, this could happen if someone used a fitness app to invite their friends from their hometown to a workout, but we didn't recognize that some of their friends had been inactive for many months," Konstantinos Papamiltiadis, VP of Platform Partnerships, said in a blog post.
This basically means that if an active Facebook user invites an inactive user thorough a third-party app, the app will continue to receive data despite his or her inactivity.
"From the last several months of data we have available, we currently estimate this issue enabled approximately 5,000 developers to continue receiving information — for example, language or gender — beyond 90 days of inactivity as recognized by our systems. We haven't seen evidence that this issue resulted in sharing information that was inconsistent with the permissions people gave when they logged in using Facebook, " he added.
However, Papamiltiadis did reveal that Facebook had fixed the issue the day it was discovered. "We'll keep investigating and will continue to prioritize transparency around any major updates," he said.
Facebook also said that it is coming up with new Platform Terms and Developer Policies to ensure that the businesses and developers "clearly understand their responsibility to safeguard data and respect people's privacy when using our platform."