Facebook shared user data with developers when they didn’t have permission

Facebook has disclosed a new problem involving user data and the permissions the platform uses to limit the information that reaches developers.

According to its latest report, the company shared user data with developers even after their access to that information had expired.

Facebook has a number of controls that users can manually activate to decide how and with whom their information is shared. There are also controls that are applied automatically in certain situations. For example, no application can receive updated data from users who have been inactive (in the application) for more than 90 days.

Once the platform detects this situation, it automatically restricts this information. This is a control that Facebook put in place in 2018, when a series of changes and policies were announced because of the Cambridge Analytica scandal. However, a glitch in the system allowed some 5,000 developers to continue to receive user data even after the inactivity period had expired, when they were no longer allowed to do so.

One detail to keep in mind is that the data involved (email address, gender, language, etc.) is data that users had previously authorized sharing with certain applications. But users who trusted Facebook to automatically revoke access due to inactivity will now find that their data was available to developers for much longer than was established.

Facebook has not given much detail on the matter, so we do not know when this problem occurred or how long the situation lasted. The company has not mentioned how many users were affected either. On the other hand, it has made it clear that this error did not lead to data being leaked or to more information being shared than the user originally authorized, and that it will continue investigating.