The Social network giant Facebook confirms it shared data with 61 tech firms after 2015
3.7.18 securityaffairs
Social

On Friday, Facebook provided a 748-page long report to Congress that confirms the social network shared data with at least 61 tech firms after 2015.
This is the worst period in the history of the social network, now Facebook admitted to having shared users’ data with 61 tech firms.

The problem is that Facebook allowed tech companies and app developers to access its users’ data after announcing it had restricted third-party firms to access its data in 2015.

Immediately after the Cambridge Analytica privacy scandal that affected 87 million users, Facebook attempted to mitigate the pressure of the media by confirming that it already restricted third-party access to its users’ data since May 2015.

On Friday, Facebook provided a 748-page long report to Congress that confirms the practice of sharing data with 61 tech firms after 2015.

The company also granted a “one-time” six-month extension to the companies to come into compliance with Facebook’s new privacy policy.

“In April 2014, we announced that we would more tightly restrict our platform APIs to
prevent abuse. At that time, we made clear that existing apps would have a year to transition—at which point they would be forced (1) to migrate to the more restricted API and (2) be subject to Facebook’s new review and approval protocols.” reads the report.

“The vast majority of companies were required to make the changes by May 2015; a small number of companies (fewer than 100) were given a one-time extension of less than six months beyond May 2015 to come into compliance.”

In addition, the company admitted that a very small number of companies (fewer than 10) have had access to limited friends’ data as a result of API access that they
received in the context of a beta test.

The social media firm also shared a list containing 52 companies that it has authorized to build versions of Facebook or Facebook features for their devices and products.

The list includes Acer, Amazon, Apple, Blackberry, Microsoft, Motorola/Lenovo, Samsung, Sony, Spotify, and the Chinese companies Huawei and Alibaba.

“The partnerships—which we call “integration partnerships”—began before iOS and
Android had become the predominant ways people around the world accessed the internet on their mobile phones. ” explained Facebook.

“We engaged companies to build integrations for a variety of devices, operating systems, and other products where we and our partners wanted to offer people a way to receive Facebook or Facebook experiences,” the document reads. “These integrations were built by our partners, for our users, but approved by Facebook.”

The social network firm confirmed it has already interrupted 38 of these 52 partnerships and additional seven will be discontinued by the end of July, and another one by the end of this October. The company will continue the partnership with Tobii, an accessibility app that enables people with ALS to access Facebook, Amazon, Apple, Mozilla, Alibaba and Opera.

“Three partnerships will continue: (1) Tobii, an accessibility app that enables people with ALS to access Facebook; (2) Amazon; and (3) Apple, with whom we have agreements that extend beyond October 18. We also will continue partnerships with Mozilla, Alibaba and Opera— which enable people to receive notifications about Facebook in their web browsers—but their integrations will not have access to friends’ data.” added the company.

Privacy advocated and security experts defined as questionable the way the social network managed users’ data, especially after 2015.

Just a few days ago, I reported the news that a popular third-party quiz app named NameTests was found exposing data of up to 120 million Facebook users.