Facebook on Wednesday listed a number of new data access restrictions as the social media company looks to reassure end users that their personal information will remain private. The new measures, detailed in a post by Facebook CTO Mike Schroepfer, limit the personal data that apps can collect about end users – including their religion and political views – and place heavy approval requirements that third-party apps need to fulfill in order to collect data.
“Overall, we believe these changes will better protect people’s information while still enabling developers to create useful experiences,” said Schroepfer.
Significantly, Facebook said it will no longer allow apps to ask for access to personal information such as religious or political views, relationship status and details, custom friends lists, education and work history, fitness activity, book reading activity, music listening activity, news reading, video watch activity, and games activity.
“In the next week, we will remove a developer’s ability to request data people shared with them if it appears they have not used the app in the last 3 months,” said Schroepfer.
The privacy changes stem from Facebook’s acknowledgement in March that since 2015, a third-party application had handed over the data of millions of platform users to Cambridge Analytica – a consulting group that has worked on several high-profile political campaigns, including that of President Donald Trump.
While the original number of platform users impacted by this incident was pegged at 50 million, Schroepfer in his blog post on Wednesday said in reality that number was much higher: “In total, we believe the Facebook information of up to 87 million people — mostly in the US — may have been improperly shared with Cambridge Analytica.”
Cambridge Analytica, for its part, refuted both numbers of impacted end users, saying in a Tweet that it only “licensed data from [research company] GSR for 30 million individuals.”
Cambridge Analytica licensed data from GSR for 30 million individuals, not 87 million. We did not receive more than 30 million records from research company GSR.
— Cambridge Analytica (@CamAnalytica) April 4, 2018
Beyond data access restrictions, Facebook changed its Login feature, so that it requires approval for all apps that request access to information such as check-ins, likes, photos, posts, videos, events and groups. The company also said it will be tweaking the process for several types of app permissions, including the data access that Events, Groups, and Pages provide to apps.
For instance, while apps could previously access information about events that end users attend or host, “starting today, apps using the API will no longer be able to access the guest list or posts on the event wall. And in the future, only apps we approve that agree to strict requirements will be allowed to use the Events API,” said Facebook.
Facebook is also deleting a feature that allows users to enter another person’s phone number or email address into Facebook search to help find them, stating that “most people on Facebook could have had their public profile scraped” by malicious actors using this method.
“Malicious actors have also abused these features to scrape public profile information by submitting phone numbers or email addresses they already have through search and account recovery,” said Facebook. “Given the scale and sophistication of the activity we’ve seen, we believe most people on Facebook could have had their public profile scraped in this way. So we have now disabled this feature.”
Facebook also noted that it has reviewed its opt-in call and text history feature to confirm that the content of messages is not collected – tipping the hat to reports a few weeks ago that the company had been logging Android users’ call and text history without their permission.
“In the future, the client will only upload to our servers the information needed to offer this feature — not broader data such as the time of calls,” said the post.
Over the past month Facebook has sought to assure the public that it is prioritizing privacy. CEO Mark Zuckerberg earlier this month admitted “we made mistakes” in a blog post and vowed to step up to the plate in delivering better data security to end users. And last week, the company said it will expand its bug bounty program in an attempt to crack down on data misuse by third-party app developers.
However, the company still has a ways to go in gaining back end users’ trust. Despite its newly announced restrictions, a wave of political figures are still criticizing Facebook for how it handled the Cambridge Analytica incident, including Senator Edward Markey, who called for “congressional action on data privacy online” in a Tweet.
This is more than a drip, drip, drip – it’s a deluge. We now have 37 million more reasons for congressional action on data privacy online. https://t.co/H4FJmbzDID
— Ed Markey (@SenMarkey) April 4, 2018
Moving forward, Schroepfer said Facebook “expects to make more changes in the coming months.”