Facebook announced this week that about 5,000 app developers had access to user data even after their apps' data access had expired.
The incident is related to the security controls that Facebook added to its systems after the Cambridge Analytica scandal in early 2018.
Responding to criticism that it allowed developers too much access to user information, Facebook at the time added a new mechanism to its API that prevents apps from accessing user data if a user doesn’t use the app for more than 90 days.
However, Facebook said it recently discovered that in some cases this security mechanism did not activate, which allowed some apps to continue accessing user information even after the 90-day deadline.
Konstantinos Papamiltiadis, Vice President of Platform Partnership at Facebook, said that engineers fixed the problem the same day they discovered it. He said the company also analyzed internal logs to determine the extent of the problem.
The company did not say how many users were affected or whether the data was available to application developers even after users stopped using the application.
Facebook said the good news is that its systems did not expose more user data than users had originally allowed apps to access, which means that, unless users changed their profile information, the apps already had that information about them.
In addition to revealing a new user privacy issue, Facebook has also announced new terms and conditions for its developer platform.
Papamiltiadis said the new terms limit the information that developers can share with third parties without obtaining the explicit consent of Facebook users. They also ensure that developers clearly understand that they have a responsibility to protect user data if they access the database and partner with the Facebook platform to develop their own business.
In recent months, Facebook has filed several lawsuits against application developers who have abused its platform, and the new terms and conditions for developers will be a new weapon in the company’s legal arsenal against developers who violate its rules.