THE SOCIAL NETWORK Facebook shared users' data with third-party firms making such as Apple, BlackBerry (???), Microsoft and Samsung, according to The New York Times.
Facebook has shared data with such companies for years, letting device makers use features such as 'like' buttons and address books in their gadget's software.
However, it's come to light that said access ended up being "deep access", whereby the companies could take a peek at both a user's data and that of their friends, all without their explicit consent.
According to The New York Times, Facebook did this even after it declared it would no longer share such "deep access" with external companies. This was to the extent that some companies could retrieve data on a Facebook user's friends even when such sharing was thought to have been barred.
While Facebook has been working on de-mystifying how it tackles privacy, with a somewhat robotic-looking Mark Zuckerberg being pimped out to US Congress' question time, it seems like the social network has plenty of historical privacy problems and gremlins left beneath its surface.
And such reports are not something the company welcome following the Cambridge Analytica data-sharing scandal, which involved a misuse of Facebook's data policies by the political strategy company and a failure by Facebook to properly stop such a thing from happening.
Post-Cambridge Analytica, but pre-scandal, Facebook had started to limit the amount of access app makers and third-party firms have to its users' data in 2014. But the social network had reportedly kept quiet about it allowing hardware makers to be exempt from such changes.
This would mean that the likes of Apple and Samsung have had potential access to user data for some time. In response to the report, The New York Times noted that Apple stopped accessing Facebook data since last September, BlackBerry didn't collect or mine Facebook data, and Microsoft simply used data to serve notifications and add friends contacts but didn't store any user data; only Samsung declined to comment.
Facebook's Ime Archibong, vice president of product partnerships at the social network, wrote a detailed post in response to The New York Times report in which he noted that several years ago, demand for mobile versions of Facebook outstripped that company's ability to make version of the social networks to suit each operating system and device. As such, it offered APIs to allow device-makers to "recreate Facebook-like experiences of their individual devices or operating systems".
But Archibong highlighted that these partnerships and APIs were tightly controlled at the time.
"These partners signed agreements that prevented people's Facebook information from being used for any other purpose than to recreate Facebook-like experiences. Partners could not integrate the user's Facebook features with their devices without the user's permission. And our partnership and engineering teams approved the Facebook experiences these companies built," Archibong said.
"Contrary to claims by The New York Times, friends' information, like photos, was only accessible on devices when people made a decision to share their information with those friends. We are not aware of any abuse by these companies."
Archibong noted that this data access was very different to that of Aleksandr Kogan, the academic seemingly at the crux of the Cambridge Analytica scandal as the data involved was used to create new Facebook experiences not re-hash existing ones
"Now that iOS and Android are so popular, fewer people rely on these APIs to create bespoke Facebook experiences. It's why we announced in April that we're winding down access to them. We've already ended 22 of these partnerships. As always we're working closely with our partners to provide alternative ways for people to still use Facebook," concluded Archibong.
A reporter for The New York Times found that once he'd connected his Facebook account to a BlackBerry phone, it requested his profile data including users ID, name and picture, retrieved his private messages and responses and the user ID of each person he was communicating with. That data then flowed to the BlackBerry app known as The Hub, where BlackBerry users can view all of their messages and social media accounts.
While the reporter appeared to have willingly given access to his Facebook data, the fact that the responses from his friends look to have been sucked up by BlackBerry's software is worrying, as the reporter's friends may not have agreed to such data syphoning by a non-Facebook service.
This doesn't mean that BlackBerry is abusing that data, given it's still connected to a user who gave BlackBerry access to his Facebook profile. But it does raise question over what data should be sucked up and the amount of "deep access" some third-party companies have to Facebook data, and whether Facebook's effort to wind down API access is effective at bolstering user privacy. µ
The IoT has gone unsecured for too long, says DCMS and NCSC
Mobile-friendly app will offer a 'desktop-class' experience
Alexa, show me half-arsed implementation
Samsung reportedly orders in 6.66in OLED panels