[phwd]

At the risk of pointing to the documentation,

graph-facebook-com/app/activities is an endpoint used by 3rd party developers working with Facebook SDKs to send app analytic data for insights.

https://developers.facebook.com/docs/marketing-api/app-event... http://www.facebook.com/analytics https://business.facebook.com/events_manager/app/events

This is what a URL can look like.

graph-facebook-com/1106907002683888/activities?method=POST&event=MOBILE_APP_INSTALL&anon_id=1&advertiser_tracking_enabled=1&application_tracking_enabled=1&custom_events=[{%22_eventName%22:%22fb_mobile_purchase%22,}]

If you click the above you'll litter my analytics feed for my app 1106907002683888 with junk data.

Just in case, someone was looking for the specific call talked about because I couldn't find it linked in Vice's article.

[floatingatoll]

It’s generally not a good idea to clearly “wink wink” indicate how to abuse an endpoint, since that abuse can be easily interpreted under various criminal laws as malicious and worthy of prosecution. You could protect yourself against such accusations with more neutral language, starting with rewording the “litter” sentence.