Back in 2015, Facebook stopped third-party app developers from accessing your friends’ data.
As evidenced from the Cambridge Analytica scandal, that kind of shady behaviour has resulted in quite the privacy nightmare, but according to a new report, phone and tablet manufacturers apparently had access to that data too.
The New York Times reported the social media giant had data sharing partnerships with at least 60 device makers, including Apple, Amazon, Blackberry and Samsung, with many of these agreements still continuing.
These partnerships allowed for Facebook features to be integrated into phones — a.k.a device-integrated APIs — allowing Blackberry users to call their Facebook friends, for instance.
Such integrations were perhaps necessary at a time when smartphones didn’t have adequate specifications to run Facebook apps.
According to the Times, Facebook didn’t treat these device makers as a third-party, allowing these manufacturers to access user data without their consent.
Furthermore, reportedly some manufacturers could retrieve a user’s friends’ data, even if they believe they opted to not share their information with outsiders. Since April, Facebook has worked to end these partnerships with device makers.
Reportedly some manufacturers could retrieve user’s friends’ data, even if they believe they opted to not share their information.
“It’s like having door locks installed, only to find out that the locksmith also gave keys to all of his friends so they can come in and rifle through your stuff without having to ask you for permission,” Ashkan Soltani, the former Federal Trade Commission chief technologist who is now a research and privacy consultant, told the newspaper.
These revelations potentially contravene a settlement Facebook made with the FTC in 2011, in which the company was required to ensure it obtained consent from users if their data was shared beyond their chosen privacy settings.
Facebook responded to the Times report by stating the company disagreed with the issues the newspaper raised with these device-integrated APIs, saying it controlled these agreements “tightly from the get-go,” and that it was different to what had happened with Cambridge Analytica.
“These partners signed agreements that prevented people’s Facebook information from being used for any other purpose than to recreate Facebook-like experiences,” Ime Archibong, Facebook’s VP of product partnerships, said in a blog post.
“Partners could not integrate the user’s Facebook features with their devices without the user’s permission. And our partnership and engineering teams approved the Facebook experiences these companies built.
“Contrary to claims by the New York Times, friends’ information, like photos, was only accessible on devices when people made a decision to share their information with those friends. We are not aware of any abuse by these companies.”
Apple and Samsung have been contacted for comment.