When you’re installing a new Facebook application, you probably don’t think about the app’s privacy policy, but perhaps you should. After all, the privacy policy is where the company spells out exactly what they can and will do with your personal user information. However, according to the findings released yesterday on the site Social Hacking, the state of Facebook application privacy policies leaves a lot to be desired. After delving into the current list of the top 25 applications, some disturbing information was revealed. For example, 36% of these top apps had no published privacy policy whatsoever or only offered a link to it after you authorized the application.
Does That App Have a Privacy Policy? Probably Not
Each of the top 25 applications on Facebook have at least 5.5 million monthly active users and 12 of these apps are labeled as “Facebook Verified,” a designation which essentially means they have been given the Facebook seal of approval when it comes to their trustworthiness. But how trustworthy are these apps, really?
To determine the state of application privacy policies, “theharmonyguy” (the anonymous blogger who maintains the site Social Hacking) looked for links on the app’s Info page referring to a privacy policy, looked for links within the app’s TOS (Terms of Service) page, and looked within the help/support pages, too. Plaintext URLs were also counted as links, if present.
In nearly a third of the applications, there was no link to a privacy policy listed.
Among the apps with no privacy policy are the #3 app “How Well Do You Know Me,” the #5 app “MyCalendar,” and the #12 app “Farm Town,” among others.
Two of the applications only provided a link to the privacy policy after installation, one on the first page after installation and the other buried within a linked support page. One of these apps was the Facebook Verified app “We’re Related.” Seven applications included links in their Info pages, but in five of the seven, you would have to first click the “About” link to go to the developer’s web site to discover the privacy policy link.
Eight applications included privacy policy links from links found on both the Info page and the TOS page. But only one application actually served up the privacy policy link directly from the application’s Info page itself: CourseFeed.
Surprisingly, the “Facebook Verified” application known as RockYou Live (formerly Super Wall) offered no privacy policy whatsoever within the application or via its links to other pages. The About link pointed to a section of the application which requires user installation and the install page offered no TOS link, either. (And this is supposedly one of the trustworthy apps?)
Application Privacy: Old News Perhaps, But Still an Issue
Today, Facebook is busy defending itself against accusations that they’re using user data for advertising purposes, but it seems that the real danger on Facebook may be the access to this same user data from unknown companies outside of the social network. This is not really a new issue – nearly a year and a half ago, Facebook application privacy issues were heavilydiscussed in the blogosphere for some time. It’s interesting to look again at the status of this problem and see how little has changed since then.
In fact, today Facebook’s Application Terms of Service warns you (shouts at you in UPPERCASE, no less) that:
“ALL PLATFORM APPLICATIONS ARE PROVIDED AS IS” and that “YOU UNDERSTAND AND AGREE THAT YOU DOWNLOAD, INSTALL AND/OR USE ANY PLATFORM APPLICATIONS AT YOUR OWN DISCRETION AND RISK.”
Within your Privacy settings, you’re also informed that:
“When you authorize an application, it will be able to access any information associated with your account that it requires to work. The application can access information like your personal info and photos as well as your friends’ personal info (depending on their settings).”
In other words, you’ve been warned.
Why Doesn’t Facebook Make Apps Offer a Privacy Policy?
It appears there’s absolutely no requirement for Facebook applications to provide links to their own privacy policies to application users. And there’s certainly no requirement that these links are prominently displayed for easy access.
This would be a simple policy for Facebook to enact, although perhaps a hard one to enforce in terms of man hours needed to keep tabs on all the apps across the social network. Someone would need to make sure that the apps not only offered privacy policies but also didn’t remove the links after time passed and devious developers thought they could get away with the removal. Plus, there would still be the issue of the external privacy policies being updated after you agreed to them. What may have been innocuous at first could easily be updated to be quite terrible later on. Unless you routinely checked the privacy policy (which no one does) you would never know the change occurred.
Managing the network of applications could be made easier, however, with a little crowd-sourcing. There’s already a “report this app” link provided at the bottom of all application pages. The link currently allows users to report privacy violations, so why not let users report the lack of a privacy policy, too? That seems like a good first step Facebook could take in this situation.
Although the majority of users would still probably never look at privacy policies even if changes were made, having them consistently and prominently displayed would at least put pressure on application developers to think more carefully about how they would access Facebook user data as this would now be disclosed. And that may be the best we could hope for when it comes to these applications.