NYT: Facebook APIs gave device makers deep access to user data. FB disagrees

Pierluigi Paganini June 04, 2018


Facebook APIs granted access to the data belonging to FB users to more than 60 device makers, including Amazon, Apple, Microsoft, Blackberry, and Samsung so that they could implement Facebook messaging functions.

After the Cambridge Analytica privacy scandal, Facebook is now facing new problems because it is accused of sharing user data with over 60 device-makers.

The social network giant had granted access to the data belonging to its users to more than 60 device makers, including Amazon, Apple, Microsoft, Blackberry, and Samsung so that they could implement Facebook messaging functions, “Like” buttons, address books, and other features without requiring their users to install a separate app.

“Facebook has reached data-sharing partnerships with at least 60 device makers — including Apple, Amazon, BlackBerry, Microsoft and Samsung — over the last decade, starting before Facebook apps were widely available on smartphones, company officials said.” states the New York Times.

“The deals allowed Facebook to expand its reach and let device makers offer customers popular features of the social network, such as messaging, “like” buttons and address books.”

The controversial practice started more than 10 years ago, before Facebook apps were widely available on smartphones.

The partnerships raise concerns about the company’s privacy protections and compliance with a 2011 consent decree with the Federal Trade Commission. The decree barred the social network giant from sharing data of users’ Facebook friends with other companies without their explicit consent.
Facebook APIs- Cambridge Analytica

To support the accusation, Michael LaForgia, a New York Times reporter, used a 2013 Blackberry device to access his Facebook account with roughly 550 friends.

He discovered that a BlackBerry app called “The Hub” was still able to harvest private data from 556 of his friends, exposed info including religious and political orientation.

The reported also discovered that The Hub was also able to acquire “identifying information” for up to 294,258 friends of his Facebook friends.

“After connecting to Facebook, the BlackBerry Hub app was able to retrieve detailed data on 556 of Mr. LaForgia’s friends, including relationship status, religious and political leanings and events they planned to attend.” continues the NYT.

“Facebook has said that it cut off third parties’ access to this type of information in 2015, but that it does not consider BlackBerry a third party in this case.”

Facebook responded to the accusation of the NYT report in a blog post entitled “Why We Disagree with The New York Times.”

The social network confirmed that the Facebook APIs were created to allow device-makers to improve the experience of Facebook users implementing features on their operating systems, you have to consider that at the time there were no apps.

“The New York Times has today written a long piece about our device-integrated APIs — software we launched 10 years ago to help get Facebook onto mobile devices.” states the post published by Facebook.

“In the early days of mobile, the demand for Facebook outpaced our ability to build versions of the product that worked on every phone or operating system. It’s hard to remember now, but back then there were no app stores.” 

“So companies like Facebook, Google, Twitter and YouTube had to work directly with operating system and device manufacturers to get their products into people’s hands. This took a lot of time—and Facebook was not able to get to everyone.” 

“To bridge this gap, we built a set of device-integrated APIs that allowed companies to recreate Facebook-like experiences for their individual devices or operating systems. Over the last decade, around 60 companies have used them—including many household names such as Amazon, Apple, Blackberry, HTC, Microsoft, and Samsung.”

The company added that it carefully monitored the use of the Facebook APIs avoiding any abuses, it also added that device-vendors signed agreements that prevented Facebook users’ information from being used for other purposes.

“Partners could not integrate the user’s Facebook features with their devices without the user’s permission. And our partnership and engineering teams approved the Facebook experiences these companies built,” continues the post.

“Contrary to claims by the New York Times, friends’ information, like photos, was only accessible on devices when people made a decision to share their information with those friends. We are not aware of any abuse by these companies.”

Facebook APIs mobile devices

After more than ten years things are changed and the Cambridge Analytica scandal has made used aware the importance of their privacy

Today both Facebook iOS and Android apps are very popular and the criticized Facebook APIs are no more used, for this reason, the company began “winding down” the partnerships in April.

“This is very different from the public APIs used by third-party developers, like Aleksandr Kogan. These third-party developers were not allowed to offer versions of Facebook to people and, instead, used the Facebook information people shared with them to build completely new experiences.” concluded Facebook.

“Now that iOS and Android are so popular, fewer people rely on these APIs to create bespoke Facebook experiences. It’s why we announced in April that we’re winding down access to them. We’ve already ended 22 of these partnerships. As always we’re working closely with our partners to provide alternative ways for people to still use Facebook.”

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Facebook APIs, privacy)

[adrotate banner=”5″]

[adrotate banner=”13″]

you might also like

leave a comment