The New York Times has broken what could amount to the next major Facebook data breach scandal. The publication says Facebook has been sharing information about users with major phone makers–including Apple, Microsoft, and Samsung–for over a decade. The New York Times says the data shared included Facebook users’ education history, relationship status, work, political leanings, religion, and upcoming events. The data was reportedly shared with device makers via the company’s device-integrated APIs. Those APIs were launched by Facebook a decade ago, before app stores were common, and allows device makers to offer Facebook features, such as the Like button and messaging, on their phones.
The problem with this arises, however, because users were not aware Facebook was giving their data to device makers, the Times notes:
Facebook allowed the device companies access to the data of users’ friends without their explicit consent, even after declaring that it would no longer share such information with outsiders. Some device makers could retrieve personal information even from users’ friends who believed they had barred any sharing, the New York Times found.
Unlike the last data scandal, which saw Facebook user data being shared with Cambridge Analytica, Facebook was quick to address the reporting. The company has published a blog post written by VP of product partnerships Ime Archibong in which he says the company “disagree[s] with the issues they’ve raised about these APIs”:
Given that these APIs enabled other companies to recreate the Facebook experience, we controlled them tightly from the get-go. These partners signed agreements that prevented people’s Facebook information from being used for any other purpose than to recreate Facebook-like experiences. Partners could not integrate the user’s Facebook features with their devices without the user’s permission. And our partnership and engineering teams approved the Facebook experiences these companies built. Contrary to claims by the New York Times, friends’ information, like photos, was only accessible on devices when people made a decision to share their information with those friends. We are not aware of any abuse by these companies.
This is very different from the public APIs used by third-party developers, like Aleksandr Kogan. These third-party developers were not allowed to offer versions of Facebook to people and, instead, used the Facebook information people shared with them to build completely new experiences.