Last month at F8, Facebook noted they were updating the way data-read permissions are granted to applications. Up until this point, when a user authorizes an application on Facebook, that application would automatically get access to all of the data that user had permission to read on Facebook.com. With the new authorization model, applications are only granted access to read a user’s publicly available information by default. This includes name, profile picture, gender, current city, networks, friend list, and Pages, according to Facebook.
Developers who do not utilize data beyond publicly available information will not need to make any changes, and thus this update is non-breaking for them. However, for developers who currently rely on simple authorization to gain access to things such as user photos, notes, and extra profile information, this update is breaking. In order to access further user data from the API, developers will need to utilize new extended permissions in conjunction with the new simplified permissions dialog (pictured below).
The new permissions dialog combines what used to be separate permission dialogs into a single modal window, as we’ve covered. It simplifies the way in which extended permissions are granted: developers only need to design for two permission scenarios (all granted vs. none). This new model creates a more transparent platform, with applications explicitly asking for user data they require. Consequently, this allows end users to make more clearly informed decisions whether to trust certain applications or not. The disadvantage to users is the loss of granular control over what an application may access. Developers will likely leverage this loss of granularity in order to garner higher permission conversions on things such as access to user’s email addresses (pictured below).
The new permissions and dialogs are currently in a migration period, set to end on June 1st. Until then, developers may toggle the update on and off from the migration tool on a per application basis. After June 1st, however, the update will be permanently rolled out to all platform applications.