In a post, Facebook Chief Executive Mark Zuckerberg has addressed for the first time the misuse of data of 50 million users, and outlined steps to safeguard the information of its more than 2 billion monthly users. SHRUTI DHAPOLA sums up what he said, and what he did not say.
‘Will investigate apps with large amounts of information’
The intention seems to be to assess whether other apps, too, have misused their access to data of Facebook users. Zuckerberg wrote that Facebook will “investigate all apps that had access to large amounts of information” before the company changed its rules for apps in 2014. These rules had reduced data access for third-party apps on Facebook, and ensured that an app could not get access to the data of a user’s friends, unless the friends also gave consent to the app.
For users, this may have no direct impact unless Facebook discovers another app that has been misusing data and illegally harvesting profiles. The targets here are rogue apps and their developers. It is not clear at the moment what “large amounts of information” means — whether Facebook will be looking at apps with large user bases such as, say, games like Farmville or Candy Crush, or at apps that have stored large amounts of user data.
‘Will audit suspicious apps, alert users if confirmed’
Facebook has promised a full audit of apps that show suspicious activity, and will ban the app and its developers if those suspicions are confirmed. In 2015, when it was first discovered that academic Aleksandr Kogan’s app and Cambridge Analytica had violated the platform’s data-sharing rules, Kogan’s quiz app was indeed banned. But the data was never deleted. Again, Facebook has now promised to alert users impacted by suspicious activity; it had failed to do so in 2015, when news first broke about Kogan’s app. Users can possibly hope to be alerted the next time there’s a data leak via an app — even though it remains unclear what will determine the “suspicious” activity that will cause the red flags to go up.
‘Will restrict developer access to Facebook user data’
For example, if someone has not used an app for three months, that developer’s access will be removed. Say, if you link your Facebook account to a game and then do not play the game for three months, the app’s access to your data will be revoked. What is not clear is when this will kick into place. Also, Facebook says it will limit the data shared with an app to name, profile photo, and email address. Apps currently also access data like age, gender, city, other public information, etc. Developers will need an approval, and will be required to sign a contract with Facebook, if they want access to a user’s posts and other private data. But while apps will have less access to users’ Facebook data, it is still unclear whether they will be forced to delete the data they currently have.
‘More focus on tools to control data access for apps’
Facebook will highlight to users what apps are accessing their data. A tool at the top of the News Feed will show users what apps they have used, and how to revoke permission to their data. These options exist on the platform even now (accessible through Apps in Privacy Settings), but crucially, not all users are aware of them.
‘Will increase rewards for the bug bounty programme’
People will be able to report data misuse by app developers. Most big technology companies like Google, Facebook, Apple, etc., have “bug bounty” programmes that encourage computer science researchers to find flaws in popular software before, say, cyber criminals can find a use for them. Finding software flaws or bugs usually carries big “bug bounties”.
THE PROBLEM WITH APPS
While consent is almost always given easily to apps…
On Facebook, there are third-party apps, into which users must log in to reach the services they provide. When a user gives access to one of these apps, she shares some user information such as name, gender, age, or email address. People, for instance, use Facebook to access shopping apps, or apps to order food. These apps could be Android or iOS, and outside the Facebook platform. Many apps have a Facebook login feature, so users can log in via their Facebook accounts, rather than create a new account for the app. Also, many quizzes and games on Facebook are apps, created by developers for the platform. When users play these games or take these quizzes, they often also allow access to some of their data.
…Revoking that consent has several follow-up issues
Revoking access to an app on Facebook does stop the sharing of data. However, Facebook cautions that the app may still have the data that has already been shared. In most cases, Facebook prompts users with a message that asks them to contact the app developer if they want their data to be deleted from the developer’s records. But how effective this is, and how exactly these requests work, remains unclear. Also, as the investigation in the Cambridge Analytica case appears to show, Facebook knew about the violations back in 2015, but the data was never deleted by the firm, and was eventually misused to target voters during the US election campaign.