
Facebook's Purge So Far: 69,000 Apps Suspended

Not All Apps Posed a Threat, Facebook Executive Claims
Facebook's Seattle office (Photo: Facebook)

Facebook says it has suspended tens of thousands of apps as part of its ongoing investigation into data misuse that grew out of the Cambridge Analytica scandal.


The company won’t disclose the suspended apps, but a court filing unsealed on Friday put the number at 69,000. In a blog post, Facebook’s Ime Archibong, vice president of product partnerships, writes that some of the apps have been banned.

“That can happen for any number of reasons, including inappropriately sharing data obtained from us, making data publicly available without protecting people’s identity or something else that was in clear violation of our policies,” Archibong writes. “We have not confirmed other instances of misuse to date other than those we have already notified the public about, but our investigation is not yet complete.”

Continued Purge

The review encompasses apps that had access to large amounts of personal data before Facebook changed its developer rules in 2014.

Around that time, the social network implemented changes, such as not allowing apps to access personal data of someone’s friends. That’s how Cambridge Analytica ended up with so much personal data – on about 87 million users – which was collected by a relatively obscure personality quiz app (see: Facebook: 87M Accounts May Have Been Sent To Cambridge Analytica).

Facebook didn’t name the suspended apps or give a precise number. A Facebook spokesman says the company will not publicly disclose the suspended apps. But a subpoena unsealed on Friday in Massachusetts Superior Court gives a feel for the depth of Facebook’s app purge, the Associated Press reports.

Massachusetts' attorney general launched an investigation into Cambridge Analytica in May 2018. The attorney general asked Facebook for information on apps in use prior to 2014. The subpoena revealed that Facebook has suspended 69,000 apps.


Facebook apparently made a strategic legal mistake that resulted in the number of suspended apps becoming public.

Facebook petitioned a judge to seal the records, but a judge unsealed the records on Friday, The New York Times reports. The Associated Press reports that the subpoena would have “remained confidential under Massachusetts law had Facebook not insisted on keeping it and related exhibits secret.”

In a statement to The Times, Massachusetts Attorney General Maura Healey says: “For nearly a year, Facebook has fought to shield information about improper data-sharing with app developers. If only Facebook cared this much about privacy when it was giving away the personal data of everyone you know online.”

The Associated Press reports that most of the apps, however, were not necessarily suspended for collecting too much data but rather for not responding to email inquiries from Facebook.

Likewise, Archibong writes that the suspensions “are not necessarily an indication that these apps were posing a threat to people. Many were not live but were still in their testing phase when we suspended them. It is not unusual for developers to have multiple test apps that never get rolled out.”

Fines and Investigations

Cambridge Analytica was a U.K.-based political profiling firm that obtained Facebook user data from Aleksandr Kogan, a Cambridge University lecturer who deployed a quiz app called This Is Your Digital Life on Facebook around 2013.

This Is Your Digital Life collected public information on users who took the quiz, plus that of their friends, without their consent. The revelation attracted the attention of regulators worldwide, particularly because Cambridge Analytica briefly acted as consultant to President Donald Trump’s campaign.

As a result, the U.S. Federal Trade Commission fined Facebook $5 billion. The agency concluded that Facebook violated a 2012 agreement that banned it from sharing data with third parties without asking users or changing privacy settings without permission (see: FTC Reportedly Approves $5 Billion Facebook Fine).

Archibong writes: “Our new agreement with the FTC will bring its own set of requirements for bringing oversight to app developers. It requires developers to annually certify compliance with our policies. Any developer that doesn’t go along with these requirements will be held accountable.”

But Archibong cautions that “we won’t catch everything, and some of what we do catch will be with help from others outside Facebook.”

A number of U.S. state attorneys general have investigations continuing into Facebook, and Washington, D.C., filed a civil suit. The U.K. Information Commissioner’s Office fined Facebook £500,000 in October 2018, and Italy fined Facebook $1 million in July.

Also, Canada’s privacy commissioner, which does not have the power to issue fines, plans to take Facebook to federal court for failing to implement privacy recommendations following the agency’s investigation (see: Canada Says Facebook Violated Privacy Laws).

About the Author

Jeremy Kirk

Executive Editor, Security and Technology, ISMG

Kirk was executive editor for security and technology for Information Security Media Group. Reporting from Sydney, Australia, he created "The Ransomware Files" podcast, which tells the harrowing stories of IT pros who have fought back against ransomware.
