| "- Facebook represented that third-party apps that users' installed would have access only to user information that they needed to operate. In fact, the apps could access nearly all of users' personal data – data the apps didn't need." Privacy/ethics issues aside, from a pure developer standpoint, isn't this just a feature? Where do we draw the line between functionality and privacy? User A allows user B to see her data via "Friends only." User B runs app X, whose functionality includes interacting with friends. Let's say it shows on a map where each of your friends lives. App X can see the said data for the purposes of providing functionality. Yes, I know that by strict definition this conflicts with "friends only." You now have "friends and the application executable code only." But how is this different from, say, Gmail auto-scanning my e-mail to show ads? Is it because I trust Google and don't trust $random_fb_app_developer? Likely one concern is that this third-party developer can disrespect (or actually, not even know about) that "friends only" setting and inadvertently make the data visible to other parties. (Disclaimer: Don't get me wrong, I loathe/distrust most FB apps as much as the next person. Just trying to think from an honest developer's shoes here.) |
I'm somewhat sympathetic to Facebook on the other app-related claim as well, "Facebook represented that third-party apps that users' installed would have access only to user information that they needed to operate." Yes, Facebook could've done better on that, but fine-grained security is something nearly nobody has solved.