Facebook reveals that `` some app developers were accessing user information inappropriately ''


by Tim Bennett

Cambridge Analytica had been unauthorized use of the user information of the Facebook problem later, Facebook has been reviewing how to share user information with outside companies and developers, completely remove or restrict the part of the API I have been doing. However, Facebook explains in the official blog that some developers have found evidence of inappropriate access to user information.

Changes to Groups API Access
https://developers.facebook.com/blog/post/2019/11/05/changes-groups-api-access/


Facebook says 100 developers might have improperly accessed Groups member data-The Verge
https://www.theverge.com/2019/11/5/20950541/facebook-groups-api-developer-improper-user-data-access-disclosure

Facebook provides a variety of APIs that can be used by apps. Among them, the “ Group API ” allows you to read Facebook user group data and create new groups. By using the group API, it is possible to install an application in a group, and the group administrator can grant application access permission to group contents (posts, photos, videos, etc.).

Until April 2018, the group API can use a wide range of user information, and when a group administrator approves an application in the group, the application developer can access various information in the group. However, since the information sharing method was reviewed in April 2018, the group API could only access information such as group name, number of users, posted content even if the administrator allowed access . After the functionality of the group API was restricted, each group member had to “allow” sharing of user information in order for app developers to access additional information such as usernames and profile photos.

by NeONBRAND

However, as a result of continuous research by Facebook, it was discovered that some Facebook applications were able to inappropriately access user information such as names and profile photos of users in the group via the group API doing. After detecting this access, Facebook says it has “turned off access immediately”. In addition, Facebook contacted about 100 developers who had traced inappropriate access to user information and requested data deletion. According to Facebook, the number of developers who had improperly accessed user information decreased with time, and only 11 developers were accessing in the last 60 days is.

Facebook says `` Unauthorized use of user information (with evidence of improper access) has not been confirmed '', but for user information that developers may have obtained from inappropriate access, A deletion request has been issued to the owner, and an audit is planned to confirm whether the deletion has been made.

In addition, it seems that Facebook applications that may have accessed user information inappropriately are social media management apps and video streaming apps.

by Kon Karampelas

Facebook has restricted the functionality of the group API as part of the data sharing crackdown after the Cambridge Analytica user information misuse problem. In addition, rules have been added that require Facebook approval for third-party developers to use the group API. After that, in July 2018, the group application for Facebook was made available again , but despite this strict security enhancement around the group API, inappropriate user information About the discovery of access, The Verge, an overseas technology media, wrote 'something surprising.'

in Software,   Web Service,   Security, Posted by logu_ii