Facebook admits hundreds of apps vacuumed up user data

The Facebook apology tour continues: The company announced on Monday that it has found at least 200 other apps that had access to user data in the same way that the app behind the infamous Cambridge Analytica leak did. A VP at the social network said in a blog post that Facebook is currently trying to determine whether that data was misused, and whether the companies in question deleted it as they were supposed to when Facebook changed the rules in 2014.

If you’re wondering why it took the company four years to run this kind of audit, especially after multiple reports from individuals involved (like the whistleblower who revealed the Cambridge Analytica fiasco), you’re not the only one. Facebook CEO Mark Zuckerberg has said that he’s sorry it wasn’t done sooner, but hasn’t explained why the company didn’t do such an audit earlier.

ICYMI: Headlines editors probably wish they could take back

It’s also not clear whether 200 is the final number of apps that have been suspended as part of this investigation, or whether there are more to come, and the company so far hasn’t identified any of the apps. According to the blog post:

Sign up for CJR's daily email

To date thousands of apps have been investigated and around 200 have been suspended — pending a thorough investigation into whether they did in fact misuse any data. Where we find evidence that these or other apps did misuse data, we will ban them and notify people via this website. It will show people if they or their friends installed an app that misused data before 2015

In the Cambridge Analytica case, a seemingly harmless personality quiz designed by researcher Aleksandr Kogan got personal information on more than 85 million users without notifying them, because of the way Facebook was configured at the time—it not only allowed apps access to a user’s data, but also the personal data of all that user’s friends. In 2014, the company changed the rules so that apps can no longer get friend data, and it asked app developers to delete the data they had.

Cambridge Analytica, however, apparently didn’t delete the data that it got from Kogan, and instead used that information to create psychographic profiles of Facebook users based on their likes and other behavior, and then used those profiles to target advertising and other content to Facebook users on behalf of clients like the Trump presidential election campaign. The company has since gone bankrupt, but the key players behind it have reportedly created a similar company called Emerdata.

ICYMI: Mark Zuckerberg seems “genuinely peeved” during a recent interview

Has America ever needed a media watchdog more than now? Help us by joining CJR today.

Mathew Ingram is CJR's chief digital writer. Previously, he was a senior writer with Fortune magazine. He has written about the intersection between media and technology since the earliest days of the commercial internet. His writing has been published in The Washington Post and the Financial Times as well as Reuters and Bloomberg.