[downandout]

That’s actually the point of my post. I have been developing Facebook apps since the very beginning of the developer platform, but stopped because the new rules were so restrictive that they made apps useless. There is no point to developing social network apps that can’t involve the user’s social network.

Since all apps have these restrictions, I don’t believe that any apps at issue here had special permissions. However, it is possible that they scraped public data and were assisted in being pointed to which data to scrape by the direct profile data they obtained through the apps. Enough friends lists etc. are public to make this potentially beneficial.

No specs have been released about CA’s “psychographic profiling”. We don’t know the extent of the data that they had access to, what data went into it (perhaps it was based on name and friends list only, which are mostly public etc.). So until we know more, we can only assume that these apps had the same constraints that all others do.