Facebook is working on its app development policy to exclude apps that access usersâ€™ News Feeds for a â€œliving.â€ The company announced its new login features a year ago and, for apps and developers, time is almost up.
Apps calling Facebookâ€™s Graph API v1.0 have until April 30, 2015 to upgrade to newer versions and comply with the new login standards if they want to remain functional.
This includes apps that base their functionality on the read_stream permission. Read_stream is an extended permission apps use to read or modify usersâ€™ posts to offer comprehensive reports on user activity. Uses could include monitoring child behavior, offering security advice on Facebook threats and other services.
This permission is especially useful for businesses. They collect valuable insight via Facebook. First, via the Facebook login feature and, second, through permissions – strings that come with any login request or an API call. Permissions allow developers and other third parties to access a wide variety of personal data (location, images, email addresses, phone contacts, etc.) with the userâ€™s consent. Some basic permissions include:
email – Access to a person’s primary email address.
user_likes – Access to the list of things a person likes.
However, some permissions are more sensitive than others. Read_stream is one of them, as it â€œprovides access to read the posts in a person’s News Feed, or the posts on their Profile,â€ according to Facebook.
So Facebook decided that this permission should work only with â€œapps building a Facebook-branded client on platforms where Facebook is not already availableâ€ – like smart refrigerators,and other IoE devices that donâ€™t come with a dedicated Facebook app, for instance. â€œFor example, Android and iOS apps will not be approved for this permission. In addition, Web, Desktop, in-car and TV apps will not be granted this permission,â€ it added.
How does it impact users and the developer community?
With the new login features, Facebook is unbundling app permissions. This means when users log in with Facebook, they will be able to select which permissions they grant to apps and even log in anonymously, if the developer makes the option available. What’s more, developers will have to prove to Facebook that the permissions their apps request are actually necessary.
While this offers users more flexibility and control, it also comes with disadvantages. Revoking read_stream means users will no longer be alerted of Facebook-specific security threats, such as Facebook scams. Bitdefender has always been a step ahead, warning users of potentially harmful links posted by their friends. Some of the latest Facebook threats users have been advisedÂ about are tag scams – thousands of users have been tagged in a post with an inciting image disguised as video. The post redirected the user to a malicious Chrome browser extension that offered the attacker control of everything going through the browser, including passwords and other sensitive data. Whatâ€™s more, Bitdefender has revealed that anyone can fall victim to Facebook scams, such as the classic â€œguess who viewed your profileâ€ scam and other popular ones. So, is it worth the risk?
Facebook’s changes also imply changes on the developer side. Some developers have been vocal about it, but Facebook hasnâ€™t shown any flexibility on the matter. On forums, some asked for examples where read_stream will be acceptable, but Facebook gave no straight-forward examples.
A few are looking for a way to bypass this permission. One alternative is to route traffic through a toolbar in the userâ€™s browser. But itâ€™s not advisable from a security stand point â€“ if weâ€™re talking about a security app, malicious links would remain hidden from users Feeds, without actually informing them of the risks.
Why is Facebook forbidding access to usersâ€™ Feeds?
To enhance privacy. At least, thatâ€™s what Facebook says. First thought that comes to mind is that they want to prevent rogue apps used by cyber-criminals from spying on people. Typical examples are profile viewer apps, apps that redirect to phishing links and forms and apps that lead to malicious downloads or survey scams.
But, while looking for an answer, newspapers report that Facebook just announced the launch of its own â€œprivacy-friendlyâ€ analytics tool that provides general insights to businesses.
â€œWith topic data, weâ€™ve grouped data and stripped personal information from Facebook activity (not including Messenger) to offer insights on all the activity around a topic. That means marketers get a holistic and actionable view of their audience for the first time,â€ Facebook said in a blog post.
Apparently, their tool is not intrusive, when compared to others.
â€œLike other insights information on Facebook, all the information used for topic data is anonymized and aggregated. We are not disclosing personally identifying information to anyone, including our partners and marketers. And, the results delivered to marketers are analyses and interpretations of the information, not actual topic data,â€ Facebook added.
An interesting coincidence, right? So, will users get a chance to miss their favorite apps or will Facebook cover all their functionalities at some point? What do you think?