About Facebook Apps Permissions

Leonardy Kristianto
4 min read · Jun 13, 2016

When I visited a friend in 2015, I stayed in a hotel with a Wi-Fi network that required its guests to sign up for an account to access the gated connection. Instead of issuing a shared password upon check-in, the service offered to connect your social media accounts to speed up registration via Facebook, Twitter or LinkedIn. However, this quickly turned out to be a disappointment when I discovered the range of permissions the service wanted from its guests.

Apart from the user’s public profile, which is normally sufficient, the service demanded access to my relationship status, the events I had attended and the list of groups I was managing. It also asked for permission to post a status update on each social platform. I understand that this is an effort to better personalize the hotel’s offering to its customers, but it certainly does not seem ethical when users are not explicitly informed about the amount of personal information they are disclosing and the purpose of the data collection itself.

This situation pushed me to diligently review the permissions requested by otherwise harmless applications and to visit the Facebook App Settings to audit the permissions I had granted in the past. After looking through about 320 applications connected to my Facebook account, I recognized that over 50% of these entries came from the many Facebook games and quizzes that were popular pre-2013. This sheds light on a rarely explored corner of Facebook: forgotten applications and the control they still keep over your data.

If you happened to use quizzes like this before 2013, you should go to Facebook App Settings now

There are good reasons why this could have happened in the past.

Internet privacy used to be a foreign concept, especially within the group that frequented Facebook the most: teenagers aged 12–17 with little concern over third-party access to their personal data. The issue of internet privacy itself did not reach the wider public until the reporting on surveillance mechanisms used by the world’s governments, which in turn urged companies to take a stronger stance in protecting their users’ privacy. For example, Facebook only introduced the option to restrict the audience of your posts in 2012 (so all the posts we had published before then were public).

Facebook used to be more lenient in approving applications submitted by third-party developers. This was perhaps needed while they were growing their user base rapidly, with the goal of increasing engagement and retaining users on the platform. The more games and quizzes on the platform, and the more people you can share them with, the better it is for the company’s advertising business to keep producing revenue. However, their confusing stance on protecting users’ privacy until 2012 and weak control over third-party access allowed awful, data-hungry applications to tap into a trove of sensitive user data. This is no longer the case, as the review process for submitted applications has gotten stricter over the years. Certain permissions now require thoroughly explained use cases to prevent abuse.

It’d be great if we had a regular privacy check-up for old apps

The improved privacy policy, better control over your information and the revamped review process for third-party applications are a big win for all of us. However, all things considered, it is still crucial to address the looming risk of existing older applications with an abnormally wide range of permissions granted to them. This is homework for every one of us, and no single party is able to solve this issue alone. Users have to be consciously aware of services requesting their data and regularly review the information they are providing. Companies have to be proactive in notifying users of changes to their privacy policy, suggest better ways to keep users’ information safe, and thoroughly investigate existing and newly submitted applications. Third-party developers have to produce compelling cases to support their intention in acquiring a piece of information for their service. Regulations should constantly evolve to adapt to the growing need for privacy.

Leonardy Kristianto

Product Manager @OVO @Taralite; Crowd research with @StanfordHCI