“Facebook quietly stopped apps from harvesting users’ private data just two weeks ago”
The Telegraph (largest circulation broadsheet in the UK) got in touch with me and published a piece on the issue I presented to Facebook & wrote about for The Tyee. Read the full piece HERE (premium content – needs registration).
Excerpt:
He said: “Facebook [was] still giving the app a big list of names. Those people did not consent to their association being known with the app installer. They did not know their names were handed over.”
Mr Carney alerted Facebook through its bug bounty programme. He was told the taggable API wasn’t a risk because the data collected on friends had been set to public, but it was removed days after.
On April 4, when the Cambridge Analytica scandal came to light, Facebook blocked the access and warned developers that “all endpoints for the Taggable Friends API will now return an empty data set (and) the endpoints will be deprecated in the near future”. Facebook did not mention this change in a press release regarding changes it planned to make to improve data privacy which was published on the same day