Facebook tightens security of some APIs in platform changes

Facebook tightens security of some APIs in platform changes

Amid the continued fallout after Cambridge Analytica took advantage of Facebook’s APIs, the social media giant is making several platform changes.

For anyone who’s been living under a rock, election data firm Cambridge Analytica partnered with an app which used prior versions of Facebook’s advertising API to collect data on at least 87 million users without their consent.

Investigations are ongoing as to whether this data was used to influence people’s decisions in major democratic processes – including the US Presidential Elections, and the UK’s EU referendum. The DOJ, FBI, SEC, and FTC are all now investigating Facebook's role in the Cambridge Analytica scandal.

Facebook has since taken several measures to prevent its users’ data being abused in this manner – including launching an audit into existing apps, changing app data policies, restricting information available to developers, and introducing a tool for users to bulk remove apps.

Today, it’s announced six platform changes, some clearly aimed at preventing abuse:

  • Developers can no longer run test queries using the Graph API Explorer App, they must use their own apps’ access tokens on the Graph API Explorer.

  • The company’s  Profile Expression Kit – used by approved developers to enable people to share photos and videos created in their apps as profile pictures and videos on Facebook – will be deprecated on Oct 1st.

  • Some changes are being made to the Media Solutions family of APIs. Going forward, public content discovery APIs will be limited to page content and public posts on certain verified profiles. On August 1st, Facebook plans to deprecate Topic Search, Topic Insights and Topic Feed, and Public Figure APIs.

  • Facebook is reintroducing the ability to search for Facebook Pages via the Pages API. However, developers will need feature permissions to Page Public Content Access, which can only be obtained through the app review process.

  • App review permissions are being introduced for the Lead Ads Retrieval and Live video APIs.

  • Finally, an app review process is being implemented for the Marketing API which helps businesses automate and scale their advertising on Facebook’s platform. A new, two-tier structure is being used.

That final point is perhaps the biggest of Facebook’s changes announced today and is a clear response to what happened with Cambridge Analytica and the subsequent ongoing investigations.

Back in May, Facebook said it suspended around 200 apps following an investigation into thousands of whether they misused users’ data.