The Facebook apology tour continues: The company announced on Monday that it has found at least 200 other apps that had access to user data in the same way that the app behind the infamous Cambridge Analytica leak did. A VP at the social network said in a blog post that Facebook is currently trying to determine whether that data was misused, and whether the companies in question deleted it as they were supposed to when Facebook changed the rules in 2014.
If you’re wondering why it took the company four years to run this kind of audit, especially after multiple reports from individuals involved (like the whistleblower who revealed the Cambridge Analytica fiasco), you’re not the only one. Facebook CEO Mark Zuckerberg has said that he’s sorry it wasn’t done sooner, but hasn’t explained why the company didn’t do such an audit earlier.
This should have happened years ago. And Facebook needs to pro-actively notify users impacted, not rely on them navigating to a webpage. Also worth noting: “suspending” an app doesn’t delete all the data that it accessed, it simply prevents new data from being accessed. https://t.co/jIWx5NXm5T
— Sandy Parakilas (@mixblendr) May 14, 2018
It’s also not clear whether 200 is the final number of apps that have been suspended as part of this investigation, or whether there are more to come, and the company so far hasn’t identified any of the apps. According to the blog post:
To date thousands of apps have been investigated and around 200 have been suspended — pending a thorough investigation into whether they did in fact misuse any data. Where we find evidence that these or other apps did misuse data, we will ban them and notify people via this website. It will show people if they or their friends installed an app that misused data before 2015
In the Cambridge Analytica case, a seemingly harmless personality quiz designed by researcher Aleksandr Kogan got personal information on more than 85 million users without notifying them, because of the way Facebook was configured at the time—it not only allowed apps access to a user’s data, but also the personal data of all that user’s friends. In 2014, the company changed the rules so that apps can no longer get friend data, and it asked app developers to delete the data they had.
Cambridge Analytica, however, apparently didn’t delete the data that it got from Kogan, and instead used that information to create psychographic profiles of Facebook users based on their likes and other behavior, and then used those profiles to target advertising and other content to Facebook users on behalf of clients like the Trump presidential election campaign. The company has since gone bankrupt, but the key players behind it have reportedly created a similar company called Emerdata.