A new investigation by the New York Times reveals that Facebook may have been keeping another big secret: Tech manufacturers like Samsung, Apple, and more could have access to your personal data and to your friends’ personal data. Sound familiar? It’s because companies accessing yours, your friends’, and friends of friends’ personal data are exactly what led to the Cambridge Analytica scandal.
A reporter used a 2013 Blackberry phone to conduct their test. They logged into their Facebook account and then monitored all requested and received data through an app called “The Hub.” The reporter has 550 Facebook friends. During the test period, the reporter found out through the app that his phone retrieved “identifying information” on around 295,000 Facebook users. The reason that the number of users is so high is because the device accessed information on friends of friends.
Facebook quickly issued a statement written by Ime Archibong, vice president of product partnerships. The post is titled “Why We Disagree with The New York Times.” It describes the difference between the APIs that Cambridge Analytica used versus the APIs that device manufacturers used. Supposedly, the type of access that Cambridge Analytica had is a public API for third-party developers. The purpose of the public APIs was for developers to create “completely new experiences.” On the other hand, device manufacturers had access to APIs that allowed them to “recreate Facebook-like experiences.”
While the Times purports that the device manufacturers had access to vast amounts of friends of friends’ data without people’s permission, Facebook stated that information was shared only when “people made a decision” to do so.
It’s unclear what it means for people to “make a decision” to share their information. When the reporter wanted to access Facebook on their Blackberry, they had to allow the device to access their profile data, user ID, name, picture, “about” information, location, email, and cell phone number. The device also collected private messages, the senders’ name, and user ID. If this is considered granting access, then anyone who has Facebook on their phone has supposedly given permission. In this case, however, it’ll be difficult for Facebook to defend their tactics, considering most people were not notified that their data would be used by their device manufacturers.
Sandy Parakilas, who once worked for Facebook as a leader of the third-party advertising and privacy compliance team, has spoken out against his former employer.
“This was flagged internally as a privacy issue… It is shocking that this practice may still continue six years later, and it appears to contradict Facebook’s testimony to Congress that all friend permissions were disabled.”
This new report is bound to force more Facebook users to consider how their data could still be used and exploited by other companies without their immediate knowledge.