Facebook on Tuesday acknowledged another privacy mishap on its platform: This time, some app developers may have wrongly accessed names and profile photos about users in certain groups. The social-networking giant announced the incident in a blog post, estimating roughly 100 “partners” may have accessed this information – including 11 that did so within the last 60 days. Otherwise, Facebook declined to offer specifics, including who exactly might have seen the data and how many users had been affected.
The revelation is still likely to result in yet another round of criticism for the tech giant, more than three months after federal regulators slapped it with a $5 billion (roughly Rs. 35,500 crores) fine and other punishments after allegations it mishandled its users’ personal information. The settlement, which did not require Facebook to admit guilt, is pending approval in federal court and eventually will require the company to be more vigilant about apps on its platform.
Since the Federal Trade Commission brokered that deal with Facebook, other incidents have come to light. In September, Facebook said it suspended “tens of thousands” of apps that may have mishandled user data, including some that may have had large followings, court documents at the time revealed.
“Although we’ve seen no evidence of abuse, we will ask them to delete any member data they may have retained and we will conduct audits to confirm that it has been deleted,” wrote Konstantinos Papamiltiadis, the director of platform partnerships at Facebook.
The company did not respond for requests for comment.
The trouble appears to stem from a functionality in Facebook’s groups service. Prior to April 2018, administrators for groups could authorise apps, which could access information about users in that group. After April 2018, Facebook said it imposed restrictions on developers, who would have to obtain group members’ permission before collecting information such as their name and profile photo.
On Tuesday, Facebook announced it discovered it had “found that some apps retained access to group member information, like names and profile pictures in connection with group activity, from the Groups API, for longer than we intended.”