(Subscribe to our Today's Cache newsletter for a quick snapshot of top 5 tech stories. Click hereto subscribe for free.)
Facebook said on Wednesday it found at least 5,000 app developers had received user data from its platform even after the 90-day cut-off period.
The 90 days of inactivity period was set to stop apps from accessing user data from Facebook until someone logins again and re-authenticates the app. From the 91st day of inactivity to the next login, apps connected to the user’s Facebook login should not access their data.
The social networking company discovered that in some instances apps continued to receive data authorised by users past the 90-day of no login.
Facebook cited an example of a fitness app user to explain how it missed to recognise sharing information with app developers past the cut-off period.
If a user had invited their friend to join a workout via a fitness app using Facebook login, and the invitee has been inactive on the platform for many months, the app would continue to get data about the user past the cut-off period.
“From the last several months of data we have available, we currently estimate this issue enabled approximately 5,000 developers to continue receiving information — for example, language or gender — beyond 90 days of inactivity as recognized by our systems,” Konstantinos Papamilitiadis, VP of Platform Partnerships at Facebook said in a statement.
He further confirmed that the company has not seen any evidence of information sharing that was inconsistent with the permissions users had given when they logged in using Facebook.
Papamilitiadis added that this issue had been fixed on the same day it was discovered, and that they are continuing their investigations.
He, however, did not reveal the number of users whose data might have been shared past the cut-off period.
In 2018, Facebook made changes to the way app developers could access user data on its platform. The move was a result of the Cambridge Analytica scandal in which over 80 million Facebook user data was compromised.
Among several changes to the social network’s API platform, the company launched a tighter review process for using Facebook’s login by third-party apps. Facebook also blocked access to users’ personal data to third-party apps past the 90 days of inactivity period.
On Wednesday, the company said it has updated its platform terms and developer policies. The new terms are set to limit the information app developers can share with third parties without explicit consent from users.
