New York Times alleges Facebook shared user data with companies via device-integrated APIs

Facebook has vigorously denied allegations that it shared user data with the likes of Apple and Samsung through device-integrated APIs. In an article entitled "Facebook Gave Device Makers Deep Access to Data on Users and Friends", the New York Times raised concerns about the social network's privacy practices.

The NYT says that Facebook has brokered "data-sharing partnerships with at least 60 device makers" over the last ten years. It alleges that the APIs gave companies access to the data of Facebook users' friends without their explicit consent. The article questions not only Facebook's privacy protections, but also its compliance with an FTC deal it struck back in 2011.

See also:

• Facebook is killing off Trending as it tries to revamp newsfeeds
• Facebook to ask all users to review privacy settings
• Facebook asks British users to submit their nudes as protection against revenge porn
• Zuckerberg's appearance in front of the EU was an utter joke

In a lengthy article, the New York Times says: "Facebook has reached data-sharing partnerships with at least 60 device makers -- including Apple, Amazon, BlackBerry, Microsoft and Samsung -- over the last decade, starting before Facebook apps were widely available on smartphones, company officials said. The deals allowed Facebook to expand its reach and let device makers offer customers popular features of the social network, such as messaging, "like" buttons and address books."

The article goes on to say:

The partnerships, whose scope has not previously been reported, raise concerns about the company's privacy protections and compliance with a 2011 consent decree with the Federal Trade Commission. Facebook allowed the device companies access to the data of users' friends without their explicit consent, even after declaring that it would no longer share such information with outsiders. Some device makers could retrieve personal information even from users' friends who believed they had barred any sharing.

Some of the partnerships have been wound down since April, but many of them remain in place, says the NYT.

Following the Cambridge Analytica scandal, Facebook has been under close scrutiny, particular in relation to its privacy practices. In the wake of the data revelations, the social network said that it was taking steps to reduce the access that developers had to user data but, the NYT says, "company officials did not disclose that Facebook had exempted the makers of cellphones, tablets and other hardware from such restrictions".

Perhaps unsurprisingly, Facebook vehemently denies the allegations in the article.

In a blog post, Facebook's vice president of product partnerships Ime Archibong says:

In the early days of mobile, the demand for Facebook outpaced our ability to build versions of the product that worked on every phone or operating system. It's hard to remember now but back then there were no app stores. So companies like Facebook, Google, Twitter and YouTube had to work directly with operating system and device manufacturers to get their products into people’s hands. This took a lot of time -- and Facebook was not able to get to everyone.

To bridge this gap, we built a set of device-integrated APIs that allowed companies to recreate Facebook-like experiences for their individual devices or operating systems. Over the last decade, around 60 companies have used them -- including many household names such as Amazon, Apple, Blackberry, HTC, Microsoft and Samsung.

So far, it seems like Facebook agrees with what the New York Times has written. But Archibong goes on:

All these partnerships were built on a common interest -- the desire for people to be able to use Facebook whatever their device or operating system. This was something I experienced firsthand as a Blackberry user who relied on Facebook and Messenger to stay in touch with family and friends back in Nigeria.

Given that these APIs enabled other companies to recreate the Facebook experience, we controlled them tightly from the get-go. These partners signed agreements that prevented people's Facebook information from being used for any other purpose than to recreate Facebook-like experiences. Partners could not integrate the user's Facebook features with their devices without the user's permission. And our partnership and engineering teams approved the Facebook experiences these companies built. Contrary to claims by the New York Times, friends' information, like photos, was only accessible on devices when people made a decision to share their information with those friends. We are not aware of any abuse by these companies.

This is very different from the public APIs used by third-party developers, like Aleksandr Kogan. These third-party developers were not allowed to offer versions of Facebook to people and, instead, used the Facebook information people shared with them to build completely new experiences.

The post concludes by saying:

Now that iOS and Android are so popular, fewer people rely on these APIs to create bespoke Facebook experiences. It's why we announced in April that we're winding down access to them. We've already ended 22 of these partnerships. As always we're working closely with our partners to provide alternative ways for people to still use Facebook.

The New York Times makes a couple of concerning allegations:

• Some device partners can retrieve Facebook users' relationship status, religion, political leaning and upcoming events, among other data. Tests by The Times showed that the partners requested and received data in the same way other third parties did.
• Facebook's view that the device makers are not outsiders lets the partners go even further, The Times found: They can obtain data about a user's Facebook friends, even those who have denied Facebook permission to share information with any third parties.

Facebook has not yet responded to these direct accusations.

Image credit: Hadrian / Shutterstock