Facebook dials back third-party apps’ data access

CEO Mark Zuckerberg said the company is rethinking how it views apps as developers see access to user data restricted.

It was a big news day for Facebook on Wednesday – the company announced changes to how apps access user data as CEO Mark Zuckerberg spoke on the record with reporters about the changes and the numerous challenges the platform faces in the business and political arenas.

App developers saw their access to user data restricted in several Facebook channels Wednesday. New apps have been blocked from using the Groups, Events and Pages APIs, and existing apps that had been previously approved to use them must be re-approved under new, stricter guidelines.

“Testing of our more robust process starts today, and the new process should resume in a few weeks,” said Ime Archibong, VP of partnerships at Facebook. “Going forward, access to these APIs will require a formal app review, and for apps using the Pages API, submission is required within 90 days once app review resumes or access will be removed.”

(A more technical breakdown of what’s coming off the menu is available on Facebook’s developer blog.)

The company’s chief technology officer Mike Schroepfer posted a lengthy note online outlining the immediate changes and promising more in the months to come.

Most of yesterday’s changes had to do with allowing access to people who interact with groups, pages and events that they do not administer themselves. Previously, commenting in those forums would make a user’s information fair game for apps even if they did not own or operate it.

Apps for Facebook groups (both public and private ones) will now require explicit permission from Facebook and group admins before being approved. Group member lists and personal information that’s attached to group comments are also now off-limits to third-party operators.

Similarly, the pages API no longer allows third parties to scan comments and posts from users. “We want to make sure page information is only available to apps providing useful services to our community. So starting today, all future access to the pages API will need to be approved by Facebook,” Schroepfer wrote.

These changes are the next steps on Facebook’s growing list of policy shifts initiated in the weeks following the revelation that U.K. firm Cambridge Analytica had inappropriately come to possess data on millions of Facebook’s users (including more than 600,000 Canadians).

Of the app developer policy changes, Facebook CEO Mark Zuckerberg said “We clearly should have been doing more all along,” when speaking to reporters Wednesday. He said the company’s view on data sharing had been “limited” in the past. He saw Facebook’s role as giving users tools and that it was primarily people’s responsibility how they chose to use them — whether that’s tools on how to share your voice, tools on how to log in to apps and bring your information to them.

“I think it was wrong in retrospect to have that limited of a view,” he said.

In prepared remarks offered before taking reporters’ questions, Zuckerberg called said Facebook was an “idealistic and optimistic company” that had helped individuals and companies connect. But “it’s clear now that we didn’t do enough” to protect user privacy, calling this lapse “a huge mistake. It was my mistake.”

A transcript of Zuckerberg’s press discussion, which included comment on Cambridge Analytica and alleged Russian abuse of the platform in spreading disinformation, is available online.

A new dashboard tool is launching April 9 to make it easier for users to see which apps are accessing their data. It also recently shuttered its partner categories program, stating that apps could only rely on Facebook-owned and first-party data going forward.