3rd party apps on Facebook not allowed to impersonate their users when publishing posts
Facebook has finally begun its crackdown on third-party apps from stealing, sharing or spamming your data without permission from its platform as well as from Instagram.
In a post on its developers’ page late on 24 April, Facebook said the new apps “created from today onwards will not have access to publish posts to Facebook as the logged in user”.
According to Facebook, the publish_actions permission will be deprecated. This permission granted apps access to publish posts to Facebook as the logged in user.
“Apps created before today that have been previously approved to request publish_actions can continue to do so until 1 August. No further apps will be approved to use publish_actions via app review,” the Facebook post noted.
British political consultancy firm Cambridge Analytica was found misusing users’ data collected by a Facebook quiz app which used the “Login with Facebook” feature.
“Developers currently utilising publish_actions are encouraged to switch to Facebook’s Share dialogs for web, iOS and Android,” Facebook said.
“Effective today, name and bio from comments on your own media will be removed; you will continue to receive username and comment text.
“On 1 August, the Live application programming interface (API) Apublish_actions permission, which allows an app to publish on behalf of its Users, will be reserved for approved partners.
“A new permission model that allows apps to publish Videos to their User’s Groups and Timeline will be created instead,” said Facebook.
There is also an Instagram “Graph API” change which removes the ability to pull the profile of users who leave comments on your posts.
Several third-party trackers are still abusing Facebook Login, exfiltrating users’ data including name, email address, age range, gender, locale and profile photo, claimed a new security research report from Freedom to Tinker — a digital initiative by Princeton University’s Centre for Information Technology Policy.
The researchers found two types of vulnerabilities: Seven third parties abusing websites’ access to Facebook user data and one-third party using its own Facebook “application” to track users around the web.