Social Networks

Why is Facebook Blocking Apps from Reading News Feeds?

Facebook is working on its app development policy to exclude apps that access users’ News Feeds for a “living.” The company announced its new login features a year ago and, for apps and developers, time is almost up.

Apps calling Facebook’s Graph API v1.0 have until April 30, 2015 to upgrade to newer versions and comply with the new login standards if they want to remain functional.

This includes apps that base their functionality on the read_stream permission. Read_stream is an extended permission apps use to read or modify users’ posts to offer comprehensive reports on user activity. Uses could include monitoring child behavior, offering security advice on Facebook threats and other services.


This permission is especially useful for businesses. They collect valuable insight via Facebook. First, via the Facebook login feature and, second, through permissions – strings that come with any login request or an API call. Permissions allow developers and other third parties to access a wide variety of personal data (location, images, email addresses, phone contacts, etc.) with the user’s consent. Some basic permissions include:

email – Access to a person’s primary email address.

user_likes – Access to the list of things a person likes.

However, some permissions are more sensitive than others. Read_stream is one of them, as it “provides access to read the posts in a person’s News Feed, or the posts on their Profile,” according to Facebook.

So Facebook decided that this permission should work only with “apps building a Facebook-branded client on platforms where Facebook is not already available” – like smart refrigerators,and other IoE devices that don’t come with a dedicated Facebook app, for instance. “For example, Android and iOS apps will not be approved for this permission. In addition, Web, Desktop, in-car and TV apps will not be granted this permission,” it added.

How does it impact users and the developer community?

With the new login features, Facebook is unbundling app permissions. This means when users log in with Facebook, they will be able to select which permissions they grant to apps and even log in anonymously, if the developer makes the option available. What’s more, developers will have to prove to Facebook that the permissions their apps request are actually necessary.

While this offers users more flexibility and control, it also comes with disadvantages. Revoking read_stream means users will no longer be alerted of Facebook-specific security threats, such as Facebook scams. Bitdefender has always been a step ahead, warning users of potentially harmful links posted by their friends. Some of the latest Facebook threats users have been advised about are tag scams – thousands of users have been tagged in a post with an inciting image disguised as video. The post redirected the user to a malicious Chrome browser extension that offered the attacker control of everything going through the browser, including passwords and other sensitive data. What’s more, Bitdefender has revealed that anyone can fall victim to Facebook scams, such as the classic “guess who viewed your profile” scam and other popular ones. So, is it worth the risk?

Facebook’s changes also imply changes on the developer side. Some developers have been vocal about it, but Facebook hasn’t shown any flexibility on the matter. On forums, some asked for examples where read_stream will be acceptable, but Facebook gave no straight-forward examples.

A few are looking for a way to bypass this permission. One alternative is to route traffic through a toolbar in the user’s browser. But it’s not advisable from a security stand point – if we’re talking about a security app, malicious links would remain hidden from users Feeds, without actually informing them of the risks.

Why is Facebook forbidding access to users’ Feeds?

To enhance privacy. At least, that’s what Facebook says. First thought that comes to mind is that they want to prevent rogue apps used by cyber-criminals from spying on people. Typical examples are profile viewer apps, apps that redirect to phishing links and forms and apps that lead to malicious downloads or survey scams.

But, while looking for an answer, newspapers report that Facebook just announced the launch of its own “privacy-friendly” analytics tool that provides general insights to businesses.

“With topic data, we’ve grouped data and stripped personal information from Facebook activity (not including Messenger) to offer insights on all the activity around a topic. That means marketers get a holistic and actionable view of their audience for the first time,” Facebook said in a blog post.

Apparently, their tool is not intrusive, when compared to others.

“Like other insights information on Facebook, all the information used for topic data is anonymized and aggregated. We are not disclosing personally identifying information to anyone, including our partners and marketers. And, the results delivered to marketers are analyses and interpretations of the information, not actual topic data,” Facebook added.

An interesting coincidence, right? So, will users get a chance to miss their favorite apps or will Facebook cover all their functionalities at some point? What do you think?

About the author

Alexandra GHEORGHE

Alexandra started writing about IT at the dawn of the decade - when an iPad was an eye-injury patch, we were minus Google+ and we all had Jobs. She has since wielded her background in PR and marketing communications to translate binary code to colorful stories that have been known to wear out readers' mouse scrolls. Alexandra is also a social media enthusiast who 'likes' only what she likes and LOLs only when she laughs out loud.