Facebook’s efforts to restrict data access through its APIs, too little and late

Last night, Facebook announced major changes in their API access. API or Application Programming Interface is a way for other software such as mobile apps, for example, to connect and access system performance data.

Simply put, what Facebook is doing is limiting data available from and changing approval requirements for Instagram, Facebook’s Events, Groups, and Pages APIs plus Facebook Login. These changes and their possible implications are listed below.

Events API: Apps will no longer have access to this unless approved by Facebook. It means they cannot draw information about the guest list or posts on the events wall. This change could affect ticketing and events discovery app.

Groups API: Facebook said to ‘better protect’ information about people and conversations in a group, third-party apps using Group APIs will require approval from Facebook and group admins “to ensure they benefit the group”. Approved apps would no longer have access to the member list of a group, and names and profile photos associated with post or comments.

Pages API: Till yesterday, apps with access to Pages API could read posts or comments on a page. According to Facebook, this inadvertently gave more access to developers than is necessary for page admins to schedule posts or reply to comments and messages. From now on all of these would have to seek approval from Facebook.

Instagram API: Earlier scheduled for a deprecation on July 31, Instagram disabled access to its old platform API. The deprecation for public media reading APIs and basic profile info APIs will take place as scheduled on December 11, 2018, and by early 2020 respectively.

Facebook Login: Effective immediately, “Facebook will need to approve all apps that request access to information such as check-ins, likes, photos, posts, videos, events and groups”. It will no longer allow apps to ask for a user’s religious or political views, relationship status and details, news reading, video watch activity, and other such personal information. By next week, it will also revoke a developer’s ability to share this data if a user hasn’t used the app for 3 months.
Search and Account Recovery: Till yesterday, Facebook allowed a user to search another user by phone number or email to find them. Now, the social network giant says it found ‘malicious actors’ using the feature to scrape public profile information. It has disabled this feature. To reduce the risk of scraping, it would also make changes to its account recovery feature.

Call and Text History: This is part of an opt-in feature for people who use its Messenger or Facebook Lite apps on Android. It allows Facebook to pull information about who you contact most frequently from your contact list. Facebook clarified it does not collect the content of messages through this feature and will delete all logs which are older than a year. Henceforth, it will not collect information such as the time of your calls. (Facebook would no longer know who you are calling in the wee hours.)

In other news, Facebook also confirmed that it scans the links and photos that a user sends though its Messenger app. This feature gives it the ability to block content that does not adhere to its policies. However, the platform does not scan Messenger for fake news.