Facebook's suspension of apps reveals wider privacy issues

San Francisco

FACEBOOK said on Friday that it had suspended tens of thousands of apps for improperly sucking up users' personal information and other transgressions, a tacit admission that the scale of its data privacy issues was far larger than it had previously acknowledged.

The social network said in a blog post that an investigation it began in March 2018 - following revelations that Cambridge Analytica, a British consultancy, had retrieved and used people's Facebook information without their permission - had resulted in the suspension of "tens of thousands" of apps that were associated with about 400 developers. That was far bigger than the last number that Facebook had disclosed, of 400 app suspensions in August 2018.

The extent of how many apps Facebook had cut off was revealed in court filings that were unsealed later on Friday by a state court in Boston, as part of an investigation by the Massachusetts attorney general into the technology company.

The documents showed that Facebook had suspended 69,000 apps. Of those, the majority were terminated because the developers did not cooperate with Facebook's investigation; 10,000 were flagged for potentially misappropriating personal data from Facebook users.

The disclosures about app suspensions renew questions about whether people's personal information on Facebook is secure, even after the company has been under fire for more than a year for its privacy practices.

Facebook apps can take on a variety of forms, from music apps such as Spotify to games like Candy Crush. Some apps use Facebook simply so that people can log in to their service or product, which otherwise has nothing to do with the social network. The common denominator is that these apps want access to information about Facebook members so that they can add new users.

As the world's largest social network, Facebook has data of more than two billion people. But it showed that it had failed to safeguard some of that information when Cambridge Analytica took some of the data without people's permission in 2016 and built voter profiles from it for the Trump presidential campaign, which The New York Times and The Observer in London reported on last year. Facebook said that as many as 87 million users' information could have been retrieved.

The social network has since faced lawsuits, regulatory scrutiny and the ire of lawmakers around the world over whether it can safeguard its users' data trove. The Justice Department and the FBI are investigating Cambridge Analytica. Mark Zuckerberg, Facebook's chief executive, has appeared in Congress to testify on the matter. Mr Zuckerberg, who visited Washington this week and met with President Donald Trump, also apologised for the improper handling of user data and vowed changes. That included auditing all of Facebook's third-party apps to make sure they were not abusing people's information.

"Every company, and especially the app developers involved, needs to understand that there are consequences for abusing consumer data," said Jules Polonetsky, chief executive of the Future of Privacy Forum, a non-profit organisation focused on issues of data privacy and scholarship. "If these apps escape legal penalty, developers are left thinking there is no legal risk, privacy is solely a platform responsibility and a terms of service agreement with Facebook."

Mr Polonetsky called for the Federal Trade Commission to act quickly against developers who broke Facebook's terms of service around customer data.

The latest revelations follow a settlement that Facebook struck with the FTC in July over privacy violations, in which the company agreed to pay a record US$5 billion fine and to increase oversight into its data-handling practices. Some critics claimed at the time that the FTC's settlement did not go far enough in protecting consumers and the agency faced new calls to take a harder line on the social network.

"Facebook put up a neon sign that said 'Free Private Data,' and let app developers have their fill of Americans' personal info," Senator Ron Wyden said on Friday. "The FTC needs to hold Mark Zuckerberg personally responsible."

The Silicon Valley company has been duelling with the Massachusetts Attorney General's Office to keep documents related to its app investigation out of the public eye. The state prosecutor began examining Facebook's data sharing practices in early 2018 after the Cambridge Analytica revelations broke and issued several civil subpoenas to the company for information. Last month, Facebook had petitioned a judge in Boston to seal the records. The seal was lifted on Friday.

"For nearly a year, Facebook has fought to shield information about improper data-sharing with app developers," Maura Healey, the Massachusetts attorney general, said in a statement. NYTIMES