Facebook has once again been forced to acknowledge third-party access to user data.
In a blog post on Tuesday, Facebook said that approximately 100 app developers had access to personal information of people in groups, including their names and profile pictures, which is in direct conflict with Facebook’s own policies.
Before April 2018, group administrators could authorize an app for a group they managed, giving the application developer access to this information.
Despite restricting information access to just the group’s name, the number of users, and post content — unless users opted-in to share their name and profile picture — in April last year, Facebook says that some apps retained access to this additional data until recently.
“As part of our ongoing review, we recently found that some apps retained access to group member information, like names and profile pictures in connection with group activity, from the Groups API, for longer than we intended,” said Konstantinos Papamiltiadis, Facebook’s Director of Platform Partnerships. “We have since removed their access.”
Facebook said it’s removed the developers’ access to the data.
“Although we’ve seen no evidence of abuse, we will ask them to delete any member data they may have retained and we will conduct audits to confirm that it has been deleted,” Papamiltiadis continued.
The revelation underscores how data privacy issues continue to plague the world’s largest social network. In March 2018, revelations surfaced that UK political consultancyharvested the data of up to 87 million Facebook users without their permission.
Facebook, which has about 2.4 billion users worldwide, couldn’t provide information about how many users may have had their information exposed.