Facebook Clamps Down on Access to User Data via Its Groups API

The social network found that some apps retained access for longer than they should have

At least 11 partners accessed group members’ information during the past 60 days Melpomenem/iStock
Headshot of David Cohen

Facebook made a change to its Groups API (application-programming interface) after discovering that some apps were retaining information acquired through the API for longer than was intended.

Director of platform partnerships Konstantinos Papamiltiadis explained in a blog post that the social network made the discovery during its ongoing review of ways that user data is shared with outside companies.

Papamiltiadis said that prior to April 2018, group administrators could authorize apps for their groups, which gave the developers of those apps access to information. A change in April 2018 limited that information to group name, number of users and content of posts, with group members needing to opt in to grant access to additional data such as user names and profile pictures.

The social network found that some apps retained access to group member information, such as names and profile pictures, for longer time periods than intended, and that access was removed.

Papamiltiadis said Facebook is reaching out to “roughly 100 partners” that may have accessed this information since the changes in April 2018, adding that the number of developers that did this is likely lower and diminished over time.

He added that at least 11 partners accessed group members’ information during the past 60 days, but Facebook found no evidence of abuse, and it will ask those partners to delete any member data they may have retained, as well as conducting audits to confirm that this was done.

Papamiltiadis explained, “These were primarily social media management and videostreaming apps, designed to make it easier for group admins to manage their groups more effectively and help members share videos to their groups. For example, if a business managed a large community consisting of many members across multiple groups, they could use a social media management app to provide customer service, including customized responses, at scale. But while this access provided benefits to people and groups on Facebook, we made the decision to remove it and are following through on that approach.”

david.cohen@adweek.com David Cohen is editor of Adweek's Social Pro Daily.
Publish date: November 5, 2019 https://dev.adweek.com/digital/facebook-clamps-down-on-access-to-user-data-via-its-groups-api/ © 2020 Adweek, LLC. - All Rights Reserved and NOT FOR REPRINT