It was always kind of shady that Facebook let you volunteer your friends’ status updates, check-ins, location, interests and more to third-party apps. While this let developers build powerful, personalized products, the privacy concerns led Facebook to announce at F8 2014 that it would shut down the Friends data API in a year. Now that time has come, with the forced migration to Graph API v2.0 leading to the friends’ data API shutting down, and a few other changes happening on April 30.
Today Facebook assembled journalists in San Francisco to discuss the rhetoric behind the change. All apps created since April 20, 2014, already have the new systems, so you’ve probably seen them in the wild. But all new developers must comply with updated APIs, or their connection to Facebook will stop working.
Some users will see it as a positive move that returns control of personal data to its rightful owners. Just because you’re friends with someone, doesn’t mean you necessarily trust their judgment about what developers are safe to deal with. Now, each user will control their own data destiny.
Along with the year notice, Facebook reviewed 5,000 of the top apps and sent them feedback about how their app will perform after the change. Its goal has been to minimize the impact on users.
Facebook’s Simon Cross told reporters that Mark Zuckerberg said one of Facebook’s new slogans is ‘People First’, because “if people don’t feel comfortable using Facebook and specifically logging in Facebook and using Facebook in apps, we don’t have a platform, we don’t have developers.”
To inform its new policies, Facebook did extensive in-person research, asking users how they felt about their privacy when they used Facebook with apps. It came away believing that to ensure the long-term health of the ecosystem, it has to give users confidence in how their app privacy is handled. When people are confident, “they feel happier and use our stuff more, and that’s what we’re tying to achieve” says Cross.
On the other hand, some developers will have significantly change how their apps work, or turn them off altogether. For example, Job Fusion relied on the ability to pull where a user’s friends work to show them job openings at those companies. Now Job Fusion is shutting down its referral engine, though it will continue operating in different ways. Others going dark or that already have due to the change include CareerSonar, Jobs With Friends, and adzuna Connect.
Along with the friends data API change, Facebook is now requiring all apps to use its new login system, which gives users more granular control over what data they give developers. Previously, users provided all their data and permissions in two big screens. One for all personal info and one for the ability for an app to post to Facebook on your behalf.
Now on the log-in screen, developers must include an “Edit the info you provide” link, which opens a checklist of all the data and permissions they’re asking for, including friend list, Likes, email address, and the ability to post to the News Feed. Users can tap the checkmarks to deny certain permissions.
Lastly, Facebook has now instituted Login Review, where a team of its employees audit any app that requires more than the basic data of someone’s public profile, list of friends, and email address. The Login Review team has now checked over 40,000 apps, and from the experience, created new, more specific permissions so developers don’t have to ask for more than they need. Facebook revealed that apps now ask an average of 50 percent fewer permissions than before.
So what does April 30 mean for users? In some cases, nothing. Apps that don’t need extra permissions and that function if they’re missing some like your email address will automatically get the new login systems and will work normally, and users won’t have to log back in. If a developer is significantly changing an app or needs more permissions, users may need to log back in, or the app might perform weirdly or show roadblock error messages. And some apps may simply cease to exist.
Apps don’t have to delete data they’ve already pulled. If someone gave your data to an app, it could go on using it. However, if you request that a developer delete your data, it has to. However, how you submit those requests could be through a form, via email, or in other ways that vary app to app. You can also always go to your App Privacy Settings and remove permissions for an app to pull more data about you in the future.
Overall, the changes could boost confidence in Facebook’s platform and the social network itself, which has struggled in the past with a reputation for spotty privacy. Cross says the conversion rate on people logging in with Facebook has increased 11 percent and believes this means “More people feel comfortable logging in with Facebook.”
Facebook’s never been shy about prioritizing users over developers and advertisers. It’s repeatedly reduced app virality to protect users’ feeds from spam, and denied advertiser requests for more flashy, site takeover-style ads. Facebook knows that if it burns users now, usage will wither, and all developers will get hurt.
And while developers might not like the changes, Facebook tried to give them as much warning as possible.