Last year, at Facebook’s F8 developers conference, the company introduced developer tools designed to crack down on apps that took liberties with users’ Facebook account data. Apps new to the Facebook fold had to support them immediately, while existing partners got a year to embrace the changes.
Now, time’s up: On Thursday, the company will flip the switch on its Login and Graph APIs (see our API explainer), making support mandatory for everyone. That means all apps that tie into Facebook must allow users to pick and choose the data outside apps can read. The company also wants to prevent apps from making extraneous or unnecessary requests for Facebook information.
“We want developers to make it clear to people how their [Facebook] information’s being used,” said Facebook product manager Simon Cross, at an intimate “whiteboard” press meeting Tuesday. “And we want people to have more control over apps.”
Admirable goals. But the move could also cause a ripple effect that kicks up errors, bugs and crashes in apps—as well as even entire app removals, in some cases.
How Facebook Is Clamping Down On Data Requests
According to Cross, Facebook released the APIs last year to give everyone plenty of time to work with them. At this point, the majority of apps that connect to Facebook today already support the updates.
The most visible change appears when you launch an updated app, choose Facebook Login and see a new link on the authentication page: “Edit the info you provide.” Tapping the link conjures a list of options users can approve or nix, one by one. If an app doesn’t need your birthdate, you can uncheck that. No need for your “Likes” or “Friend List,” then go ahead and untick those options. (In some cases, you may have to go into your Facebook app settings, remove the app from the page, and then re-download the mobile app to see the link.)
But there’s a caveat: Setting permissions now won’t alter the Facebook data that apps may have already collected about you. If you’ve already given up access to your birthday, address or other details, you must contact the app developers directly, if they want those bits removed from your account.
The company wants to prevent third-party apps from gathering unnecessary information about Facebook users from the get-go, so it also instituted a new Login Review process. Apps that ask for basic data—like a public profile, e-mail address and friend list—can bypass it, but those trying to dig in deeper will have to go through a manual review by Facebook staff. The team makes its decision based on how reasonable the data requests are, assessing whether they’re really necessary for the app to function.
The process can take roughly three to five days per app, Cross added, though the team aims for just a day or two. So far, he estimates that Facebook has reviewed more than 40,000 apps over the past year.
The Graph API, version 2.0, adds another layer of protection. Essentially, the changes prevent apps from pulling in data from Facebook friends, just because the primary accountholder gave permission.
That often comes into play when users grant access to their newsfeeds, which are essentially populated by other people’s posts and photos. A user can still connect their own images or updates to outside apps.
What The Changes Mean For Developers And End Users
Ultimately, the changes were designed to beat back the Facebook “creepiness factor”—that uneasy feeling when users suddenly saw third-party apps posting on their timelines, contacting their friends or pulling their shared photos.
“We’ve gotten clear feedback that people wanted this experience,” said Cross, who explained that putting users at ease can help developers make more revenue. It makes for a compelling case. Since the company debuted the tools last year, it has seen 50% fewer permissions requested, and an 11% increase in the numbers of people logging in, at least according to Facebook’s numbers.
Cross mentioned several times that the “majority” of partner apps already support the new APIs. However, he wouldn’t offer specific numbers or percentages, so there’s no telling how many apps actually made the transition. As many as 99.9% of Facebook partner apps may work, or nearly half may fail, which makes for a huge margin of uncertainty.
“We’re not turning off the old system, so if you haven’t upgraded, it’s not like everything will break,” said Cross. “How the app behaves if you haven’t upgraded yourself will very much depend on how you coded the system. [But] there could be errors.”
The issues could range from pop-up error alerts to app crashes, or even worse. One photo-sharing app that relies on Facebook will pull its app, pending support for Facebook’s APIs. (In this instance, a brand-new version will debut with support for Facebook’s changes.) Other apps, according to TechCrunch, plan to shut down completely in the face of the forced changes—like Job Fusion, which needs to know where friends work to display job openings with those employers. According to the site, CareerSonar, Jobs With Friends, and adzuna Connect will also join the ranks of the fallen.
Major apps from marquee partners—such as Netflix, Pinterest and Hootsuite—have already transitioned, so they should continue working without interruption. As for indie apps, the future seems far less certain.
Photos by Adriana Lee for ReadWrite