On Sunday, The New York Times revealed that Facebook has been providing mobile phone and tablet vendors access to user (and users’ friends’) data even though the users did not consent to it and even if they configured their Facebook settings to prevent data sharing with third parties.
Facebook has established 60 or so user data-sharing partnership with companies such as Apple, Amazon, BlackBerry, Microsoft and Samsung, but also Chinese-based Huawei, Lenovo, Oppo and TCL back in 2009, when getting Facebook onto mobile devices was not as easy as installing an app from (then non-existent) online app markets.
The news caused an uproar, and Facebook went on the defensive.
“In the early days of mobile, the demand for Facebook outpaced our ability to build versions of the product that worked on every phone or operating system. So companies like Facebook, Google, Twitter and YouTube had to work directly with operating system and device manufacturers to get their products into people’s hands. To bridge this gap, we built a set of device-integrated APIs that allowed companies to recreate Facebook-like experiences for their individual devices or operating systems,” Ime Archibong, VP of Product Partnerships at Facebook, explained.
“Given that these APIs enabled other companies to recreate the Facebook experience, we controlled them tightly from the get-go. These partners signed agreements that prevented people’s Facebook information from being used for any other purpose than to recreate Facebook-like experiences. Partners could not integrate the user’s Facebook features with their devices without the user’s permission. And our partnership and engineering teams approved the Facebook experiences these companies built.”
In short, Facebook claims these companies are not third parties, but extensions of Facebook itself, so they did not need to ask users’ permission to share their data with them.
“We are not aware of any abuse by these companies,” Archibong added. Of course, that does not mean that the abuse didn’t happen. And if it did, would Facebook be able to tell and be ready to sacrifice their collaboration with the companies in the name of user privacy?
Should Facebook users be worried?
It all comes down to whether they trust Facebook’s latest assurances, but the company does not have a good track record when it comes to promises.
Whether Mark Zuckerberg and company managers actually believe everything they claim or they are simply sounding off prepared lines while keeping fingers crossed that they will never be proven wrong is a matter of personal opinion. What we know is that they are not infallible, and that their mistakes can have serious consequences.
According to the NYT, Facebook officials confirmed that the agreements with the Chinese companies, for example, allowed them retrieve detailed information (name, user ID, email address, location, birthday, political affiliation, work and education history, relationship status, likes, etc.) on both device users and all of their friends.
But, they said that the company is winding down the Huawei partnership by the end of the week, although they claim that none of these companies exfiltrated user data to their servers. Again, we have only their word that they’ve put successful protective measures in place to prevent this.
The company has also announced in April (via announced changes to the Facebook Platform and Policy) that they “are winding down access to device-integrated APIs that enabled partners to provide Facebook experiences under partnership agreements” and, apparently, 22 of these partnerships have already been ended.
It now remains to be seen whether the FTC will consider these things to be violations of the agreement they reached with Facebook in 2011. Also, whether the US Congress will be satisfied with Facebook’s assurances that user information did not end up on Chinese servers.