Facebook has rolled
out a change that limits apps’ ability to access users’ data. The change comes
hours before Facebook CEO Mark Zuckerberg’s testimony before
Congress, where it’s expected he will have to answer questions about how
the company handles its users’ personal information, in the wake of the Cambridge
Analytica scandal, which saw the personal data of 87 million Facebook users
compromised.
Among many other new
restrictions to its API platform announced last week, Facebook said that it
would soon introduce a stricter review process for use of Facebook Login for
apps, and it would block apps from pulling users’ personal data after three
months of non-use.
Now, that change to
apps’ ability to access user data has begun to roll out, Facebook says.
Not all Facebook platform
apps will be affected immediately – the change will roll out gradually over
the weeks ahead. Between April 9 and April 21, tokens for the users who
have not actively logged into a developer’s app and granted consent to
permissions in the last 90 days will expire, Facebook says.
Facebook suggests that
app publishers monitor their app for any issues that may occur as a result.
Apps may run into issues with the expired tokens, and publishers will need to
make sure they’ve designed their app to either re-prompt the user to log in
again with Facebook, or show an optional user interface which allows the app to
refresh its access to users’ Facebook data with consent.
The apps will have
to send users through the Facebook Login process every 90 days, and the person
logging in has to agree to the data permissions by tapping “Continue,” Facebook
explains in its announcement.
“We believe this
immediate access update helps build trust and leads to stronger connections
within our ecosystem,” reads the Facebook blog post.
A number of apps over
the years adopted Facebook Login to offer users an easier way to sign into
their own service, while giving the app maker the ability to access users’
Facebook data. Some users preferred the Facebook Login option, as it meant they
didn’t have to remember so many different passwords. Others, including those
who didn’t have a Facebook account (or those who perhaps rightly didn’t trust
Facebook), found the practice infuriating.
Also
upsetting is that there was no sort of deprecation policy in place for the apps people no longer used. That led to
users being fairly shocked to discover long lists of apps they hadn’t touched
in years with lingering access to their data. Facebook recently addressed this
issue as well, with the introduction of a bulk app removal tool that lets users
delete apps from their account entirely.
It also announced a
series of changes to how developers can use its APIs, including Instagram APIs,
which largely involve locking down its platform, then figuring out which
developers actually require (and deserve) any heightened access in order for
their app to function.
These sorts of changes
are a critical part of what Zuckerberg will have to testify to today, because
it wasn’t that Facebook directly handed over 87 million users’ personal data;
it had just designed a platform that let apps easily collect it without users’
knowledge or consent.