Skip to main content

Facebook suspends 200 apps following audit as Cambridge Analytica scandal grows

Following an audit, Facebook has banned 200 apps over user data practices

After a third-party app mined and then sold user information, Facebook has begun cracking down on just what information those apps can use. Two weeks after the Cambridge Analytica scandal broke, Facebook shared several changes to third-party app access and said additional adjustments are in store. The changes come with an updated count of around 87 million Facebook users affected by the Cambridge Analytica data scandal, a number that was originally at “more than” 50 million.

On March 21, Facebook founder and CEO Mark Zuckerberg promised an app investigation and audit, promising to ban any apps that were found to have or abuse excessive amounts of personal data. Now, nearly two months later, the social network is giving us an update on that process.  Thus far, “thousands of apps have been investigated and around 200 have been suspended,” Facebook noted. “Where we find evidence that these or other apps did misuse data, we will ban them and notify people via this website. It will show people if they or their friends installed an app that misused data before 2015 — just as we did for Cambridge Analytica.”

That said, there are still many more apps under investigation, the company notes, and alas, several “may have misused people’s Facebook data.” However, the social media giant is promising to invest heavily to ensure that the investigation is “as thorough and timely as possible.”

The investigation isn’t the only measure Facebook has taken to protect its users. As of Monday, April 9, users began seeing an app control link at the top of their News Feed. Clicking the link lets users see what apps they use and the information shared with the apps. Users can remove apps no longer wanted. Facebook will also tell people if their data may have been improperly shared with Cambridge Analytica. Facebook previewed the app information messages with the screen images below.


The changes eliminate access to some features entirely while modifying others. Search tools that allow you to type a phone number or email into the Facebook search bar and find the person associated with that information will be disabled entirely. Facebook says that, while the feature simplified searches with common names and language barriers, the same tool could also be abused to find a name to connect with a phone number or email.

Several other categories see reduced access. Adding a Facebook event to another app will no longer allow that app to access the guest list or posts on the event’s wall. Leaving info about the event intact allows apps to add the event to a calendar, for example, Facebook says.

For Facebook Groups, any app that wants to access group data will now require approval not just from an administrator, but Facebook too. Even when granted access, the names of the profile photos of the group members will be excluded from the data.

Apps that access information from Pages, which are often used for tasks like scheduling posts and responding to messages and comments, will need Facebook’s approval. The network says the apps need a variety of information to provide those tools, but in order to ensure that information is necessary, the network will approve any third-party app first before allowing access to the Pages API.

Requirements for apps using Facebook data as a login are also tightening, with personal details —  including political views, relationship status, work history, and others — excluded from the data. Apps requesting to see other data, such as the posts likes and photos, will need to be approved by Facebook. The apps using Facebook Login will also be automatically removed after three months of inactivity on the app.

That call data that surprised Android users will remain an opt-in feature. Those logs will be deleted after one year and will use fewer details, eliminating the time of the call, Facebook says. The tool doesn’t monitor the content of texts or calls, Facebook says.

Instagram’s Platform API depreciation was already scheduled, but Facebook is moving up that timeline with a handful of changes effective immediately. The changes eliminated the ability for apps to get information about follows, followers, relationships, comments and other data.

Updated on May 14: Added news that Facebook has removed 200 apps found to violate data policy. 

Editors' Recommendations

Lulu Chang
Former Digital Trends Contributor
Fascinated by the effects of technology on human interaction, Lulu believes that if her parents can use your new app…
Facebook likely knew about Cambridge Analytica much earlier than we thought
Zuckerberg Testimony Congress

Mark Zuckerberg appears before Congress on April 10, 2018. Jim Watson/AFP/Getty Images
Newly-released documents suggest that Facebook knew about the Cambridge Analytica scandal much earlier than we originally thought.
Documents suggest that Facebook knew the company was gathering user profile data three months before the press revealed that the firm was using profile data to target voters during the 2016 elections, CNBC reports.
Internal emails released by Facebook suggest that the social network had concerns about Cambridge Analytica as well as several other companies that were using data in ways that potentially violate Facebook policies as early as September 2015. Those documents suggested that Facebook employees planned to reach out to the companies in question to determine how they were using Facebook’s data. One email sent on September 30, 2015 speculatd that "these apps' data-scraping activity is likely non-compliant" with Facebook's policies. 
Facebook made a joint statement Friday about the issue along with District of Columbia Attorney General. It also released a separate statement explaining the documents, which it says hold the potential for confusion -- confusion it wanted to preemptively clear up.

"There is no substantively new information in this document and the issues have been previously reported," a blog post posted by Paul Grewal, Vice President and Deputy General Counsel for Facebook reads."As we have said many times, including last week to a British parliamentary committee, these are two distinct issues. One involved unconfirmed reports of scraping — accessing or collecting public data from our products using automated means — and the other involved policy violations by Aleksandr Kogan, an app developer who sold user data to Cambridge Analytica. This document proves the issues are separate; conflating them has the potential to mislead people."

Read more
The FTC’s $5 billion privacy fine on Facebook could’ve been much, much bigger
Facebook CEO Mark Zuckerberg

The federal government almost fined Facebook tens of billions of dollars for privacy violations -- and nearly held CEO Mark Zuckerberg accountable -- instead of the eventual $5 billion settlement between the Federal Trade Commission (FTC) and the social media giant.

The $5 billion dollar penalty was still an all-time record for an FTC fine, but the agency’s privacy investigation could have resulted in a much harsher punishment, according to The Washington Post.

Read more
Zuckerberg may have known more about Facebook’s privacy scandal than we thought
social media mark zucerberg with american flags

In the midst of an ongoing Federal Trade Commission investigation into Facebook's Cambridge Analytica privacy scandal, a new report suggests that Facebook founder and Chief Executive Officer Mark Zuckerberg may have known about the company's much-criticized cavalier approach to privacy.

According to a report from the Wall Street Journal, emails shared with the FTC suggest that Zuckerberg knew about, and was connected to, the company’s questionable treatment of user data. It's not clear exactly what the emails say, or whether they are specifically about Cambridge Analytica.

Read more