As part of its ongoing privacy investigation into the way third-party app developers use data, Facebook announced in a blog post that it has suspended “tens of thousands” of apps. Such a wide-scale app suspension initiative, of course, is entirely unprecedented. Just 12 months earlier, Facebook said that the app suspension initiative, which was launched in the wake of the Cambridge Analytica data scandal, had only impacted 400 apps. So what led to this massive app suspension by Facebook over the past year?
Facebook privacy investigation highlights “tens of thousands” apps
One major factor, of course, has to be the intense scrutiny that Facebook is now receiving from regulators, legislators, privacy experts and consumer advocates. In July 2019, the Federal Trade Commission (FTC) announced a $5 billion fine related to the Cambridge Analytica scandal. As part of this settlement, Facebook agreed to take much greater oversight over how third-party developers use data on the Facebook platform. Facebook also agreed that its third-party developers would now have to certify annually that they were following Facebook policies and procedures. Add in the fact that the U.S. Department of Justice is mulling over a massive antitrust case against Facebook, as are state attorneys general from around the nation, and you can get a good idea of why Facebook has decided to step up its app suspension program.
At one time, Facebook might have been content simply to suspend the most egregious examples of data privacy abuse. Now, however, the app suspension initiative extends to just about any app that refuses to answer questions from Facebook as to how user data is utilized, shared and monetized. That might help to explain why the number of apps suspended now is measured in the “tens of thousands.” As they say, it’s better to be safe than sorry.
However, as Facebook was quick to point out in a blog post by the company’s VP of Product Partnerships, any app suspension as a result of the company’s privacy investigation does not necessarily imply wrongdoing or any sort of privacy violation. And, as Facebook further noted, it’s also the case that the app suspension initiative sometimes involved apps that were not yet “live” on the platform, and were still in beta testing. Finally, Facebook notes that, despite the massive number of apps impacted by the app suspension program, most of the problems can be traced back to about 400 developers. As a rough approximation, then, each of these 400 developers was responsible for creating about 25 apps that got caught up in the app suspension program.
Details of the app suspension program
Facebook says it assembled a team of more than 100 individuals – including software engineers, data scientists, attorneys and privacy experts – in order to root out the “bad actors” in the Facebook developer ecosystem. Given the millions of apps for Facebook, the company first started with the apps with greatest number of users and the apps with the access to the greatest amount of data. From there, the company worked down the list of apps, coming up with various clues, insights and patterns – what Facebook refers to as “signals” – to isolate smaller apps that might not be following Facebook’s revamped developer guidelines.
In the course of the ongoing privacy investigation, Facebook came across a few egregious examples of data abuse. In those cases, Facebook banned the apps outright from operating on the Facebook platform. Presumably, these apps would have functioned much along the lines of the infamous personality quiz app used by Cambridge Analytica to gain access to personal data for more than 87 million individuals. And, in the very worst cases, Facebook took legal action against the app developers. In the blog post about the privacy investigation, Facebook specifically called out several bad actors – including Rankwave, a South Korean data analytics company, an app called MyPersonality, two companies (LionMobi and JediMobi) that used Facebook apps to infect user phones with malware that could then be used to scrape personal data, and two developers in Ukraine who were using quiz apps to scrape user data on the social network.
More changes still needed for the Facebook ecosystem
As Facebook notes in its explanation of the privacy investigation, this is an “ongoing investigation,” and the company is still expanding its efforts to root out, purge, suspend or ban apps that take advantage of Facebook users by collecting large amounts of their personal data. Facebook, for example, is cutting down on the number of APIs available to app developers in the Facebook ecosystem. Facebook is also expanding the overall size of privacy investigation team, in order to make sure that it successfully investigates and enforces all potential privacy violations.
But does this go far enough? The fact that “tens of thousands” of apps were targeted for app suspension suggests that the level of rot and corruption in the Facebook developer ecosystem extends very far. At the same time, Facebook hasn’t exactly been open and transparent about all the apps suspected of improper data use. How is it possible that, back in May 2018, only 200 apps were targeted for app suspension? And that, even after the long difficult summer of 2018, when Facebook was looking to contain the fallout from the Cambridge Analytica scandal, only 400 apps were targeted for app suspension?
Clearly, Facebook is trying to put a positive spin on things. Most notably, the blog post announcing the app suspension initiative and the privacy investigation only used the word “privacy” one time. Instead of referring to this as a “data investigation” or a “privacy investigation” – as all the major media outlets did, Facebook preferred to use the term “app developer investigation.” Facebook also did nothing to suggest that users should be alarmed at all by the app suspension program. Just business as usual at Facebook, one is left to think. The $5 billion FTC fine clearly served up as a wakeup call for Silicon Valley. Let’s hope that CEO Mark Zuckerberg continues to crack down on data and privacy abuses within the Facebook developer ecosystem.