Skip to content

5000+ Facebook app devs had access to user data post-cut-off date

  • by
  • 2 min read

Facebook has announced that over 5000 app developers continued to receive updated non-public user data such as email address and birth date that the user had first shared during a sign-up with their Facebook account, even 90-days after the app hasn’t been used — the cut-off date.

App sign-in using Facebook has been on the increase in the past decade as it lends convenience to users online. In 2018, Facebook had updated the terms of data sharing with app developers and said that an app would stop receiving updates to the information of the users that have signed up for their service using Facebook if the users hasn’t used the app in the past 90 days.

However, recently the social networking mammoth found out that about 5000 developers had continued to receive updated information including language and gender, even after their systems recognised that the user hadn’t accessed the app in the past 90 days.

While the company is unsure, they maintain that there is no “evidence that this issue resulted in sharing information that was inconsistent with the permissions people gave when they logged in using Facebook” and that they fixed the issue a few days after it was discovered.

“We discovered that in some instances apps continued to receive the data that people had previously authorized, even if it appeared they hadn’t used the app in the last 90 days. For example, this could happen if someone used a fitness app to invite their friends from their hometown to a workout, but we didn’t recognize that some of their friends had been inactive for many months,” said Konstantinos Papamiltiadis, VP of platform partnerships, Facebook.

As a part of the process to strengthen their policies after the user data leak, Facebook also announced new Platform Terms and Developer Policies to help developers and businesses using Facebook’s API to deal with user data in a more responsible manner.

“These new terms limit the information developers can share with third parties without explicit consent from people. They also strengthen data security requirements and clarify when developers must delete data.”

In the News: Facebook is shutting down Lasso app



Writes news mostly and edits almost everything at Candid.Technology. He loves taking trips on his bikes or chugging beers as Manchester United battle rivals. Contact Prayank via email: