Facebook: New Privacy Provisions Won’t Add Protections for Apps

The latest round of privacy control improvements from Facebook – widely perceived as a response to competition from Google+ – lets members select per-item policies for literally everything they post. It’s a simple but very pervasive set of controls that lets users set limits on everything and preview their published assets as friends and the general public would see them.

But do these changes have any effect on what apps running on the Facebook Platform will be able to see? The way the Platform works now, a Facebook app runs with the permissions of its user. That makes sense, because how else can an app such as a game gain access to the list of friends with whom the user might want to play? Still, although it’s officially against Facebook policy, apps are capable of collecting that data for servers that may store it for other purposes.

This afternoon, Facebook spokesperson Meredith Chin tells RWW that visibility of other users’ data through apps running on the Facebook Platform will not change following the rollout of new privacy controls. In other words, apps will continue to inherit the permissions of their users.

“Nothing is changing with what apps can access,” states Chin.

Facebook Platform apps, however, will not have visibility into what the user’s privacy settings are, Chin tells us, and will not be able to determine if the user has posted any assets to Facebook that are restricted to friends only.

When asked whether a Platform app would be capable of elevating its privileges so that assets that were not visible to the app before could be made visible, Chin responded no. Privilege elevation has been used legitimately on other platforms, mainly operating systems, to enable remote apps to have limited (or in some dangerous cases, unlimited) access to restricted resources, such as the file system. When methods for legitimate privilege elevation have been made public, historically they’ve led to catastrophic consequences.
