[Updated] Facebook Apps: Everything You Need to Know To Secure Your Data [Images]

Why Should You Clean up Your Facebook Apps? | Find Apps Attached to Your Account/Disable App Platform | Secure Your Data from Apps Your Friends Use | What Data are Your Apps Collecting About You and Your Friends? Edit App Permissions/Delete Apps | “Ask” Developers to Delete Your Data | Recommendations

[Updated: April 6, 2018] The following sections have been updated: Secure Your Data from Apps Your Friends Use     “Ask” Developers to Delete Your Data

There have been lots of articles written about Facebook apps since the Cambridge Analytica story broke. Most claim to be comprehensive, but I haven’t seen any that cover all the bases. I’ll attempt to do just that, complete with screen shots.

My goal is to make it very easy for you to find your apps, limit the data collected, request developers delete stored data, delete Facebook apps that you don’t use, or disable the app platform altogether.

Click any of the links above to go directly to the section of interest.

Why Should You Clean Up Your Facebook Apps?

If the Cambridge Analytica (CA) debacle has taught us anything it’s that the time to get serious about Facebook security is now. Actually, the time was about 10 years ago, but hey, better late than never. I’ve been preaching this for years, but I may as well have been screaming at the proverbial brick wall because so few people seemed to care.

My hope is that the CA breach (and it is a breach whether Facebook will acknowledge it or not) is a wake-up call for Facebook users. We now have overwhelming and undeniable proof that we are Facebook’s product and, more importantly, that we’ve been a bit naïve in thinking they’d protect us if any bad hombres tried to mine our personal data with nefarious intent.

Let me state this very clearly: Cambridge Analytica is NOT the only entity collecting our data via Facebook apps. Not by a long shot. And they are not the only developers with bad intentions for using our data.

Not all apps are bad and not all use our data in, shall we say, questionable ways. Most are legitimate. We need to be vigilant in limiting data we hand over to all app developers – even the legitimate ones.

We all know that every movement (online and off), every keystroke, every website visited is tracked. That, we have no control over. But we should never voluntarily give up more information than we have to, especially to unknown entities.

Find Apps Already Connected to Your Account/Disable App Platform

At the top right of your News Feed, click the down arrow, then click Settings.

find-app-settings-1

Once in Settings, find Apps on the left menu.

find-app-settings-2

In the App Platform section you’ll see all the apps that you’ve given permission to connect to your account. Below that you’ll see four boxes, two of which are very important for this exercise.

First, the Apps, Websites and Plugins section. If the App Platform is enabled (as pictured below), you have the ability to connect apps, including games, to your account.

app-platform

If you don’t want to use any apps (including those that allow you to use Facebook to sign in) or play games, simply click Edit to disable the platform (image below).

disable-app-platform

We’ll come back to this section in a minute, but first let’s tackle another culprit: Data that your friends are unwittingly giving away (or that you’re unknowingly giving away about your friends).

Secure Your Data from Apps Your Friends Use

[Update: April 6, 2018] Facebook has removed the Apps Others Use section without notifying users, thoroughly explaining why, or informing users whether previously collected data continues to be stored by developers. Given that Facebook said this type of data would no longer be available to developers years ago (see original reporting below), yet the options remained on the user side, how are we to know if this data is or isn’t still available to developers? When visiting the Apps Settings section, this is what you’ll now see:

Now this is where it gets a little scary, especially given the Cambridge Analytica breach. This is how they were able to get data on exponentially more people than those who downloaded their app.

Even if you use zero apps, your data can be collected by developers of apps that your friends use. And you may be surprised at the types of data they can collect. Go to the box titled Apps Others Use and click Edit.

This section is of special interest to me because Facebook announced at its annual F8 conference in 2014 that it would be shutting down the Friends data the API (Applications Programming Interface) the next year. That would be 2015.

Since the CA scandal broke, Facebook execs have reminded critics of this in order to minimize the amount/type of data that apps (presumably including CA) were able to collect from friends of app users.

Yet, below is the treasure trove of information that can be given to developers of apps that your friends use…TODAY. Three years later.

No matter what Facebook says about shutting down this data giveaway, if these options exist, the data is available to app developers.

This is your data that your friends have unwittingly given away – without your knowledge or consent. Most Facebook users don’t even realize this section exists.

You ready for this? I hope you’re sitting down.

apps-others-use

You can (and should) opt out of all of them! Uncheck every box, then click Save.

This is another huge issue I have with Facebook. If they were truly diligent about protecting our data these options would be configured as opt-in permissions instead of opt-out. Opt-out means that the default is all boxes are checked and the user must opt-out of allowing those permissions. Opt-in means that no boxes would be checked and users would have the option to check or uncheck any box. But this would mean that Facebook would have to tell us these options even exist, which they don’t. And when we are given options to edit permissions, the explanation isn’t clear to those who aren’t tech-savvy (and many Facebook users are not very tech-savvy and certainly not Facebook security savvy).

Now let’s circle back and talk about the apps you use.

Apps You Use: Know What Data They Collect | Edit or Delete Permissions |Request Developers Delete Stored Data

As to your own apps, go through them and delete any that you don’t use*. You’ll likely find some that you don’t even remember using.

*What to know before you delete apps – this is a tad ridiculous – every one of those apps will keep your stored data unless and until you request that the developer delete your stored data. The ridiculous part is threefold: 1) You must request the developer delete your data, 2) there’s no way to know whether they do it, and 3) you must make this request to every single developer of every app attached to your account.

Oh, and guess what!

As of this writing (5:00 pm CDT, March 30, 2018) the system for requesting that stored data deletion isn’t working. Surprise! (Updated: Still not working 8:00am CDT, March 31, 2018)

I’ve reached out to Alex Stamos, Facebook’s Chief Security Officer (via Twitter, ironically) to let him know the system isn’t functional. He hasn’t responded; I didn’t expect him to. He’s kinda busy right now, I guess. He and other Facebook execs have been busy tweeting, anyway. I’ve also reported it via Facebook’s Report a Problem feature.

I truly hope they fix it. Though I doubt it will be a high priority for them, it certainly should be.

Assuming they will fix it eventually, I’ll explain how to access this option in a minute.

But first…

What Data Are Your Apps Collecting About You and Your Friends?

Some apps collect minimal data such as only your public profile. Below is an example using the ABC.com app.

abc-facebook-app

Other apps, however, collect all kinds of information about you and your friends. Candy Crush Saga, one of the most popular Facebook games is one such app. And those quiz apps? Yep, they collect all kinds of data. Very soon I’ll post an article explaining how to limit permissions before you take a quiz.

Edit Permissions or Delete Your Apps

So, how do you edit or delete app permissions? Let’s go back to the top of the App Platform page. Hover over an app icon and a pencil and box will appear. To edit your settings or see what information the app has collected, click the pencil icon. I suggest doing this first, if only to inform yourself on the type of data that’s in the hands of developers.

If you simply want to delete the app, click the box, then click Remove at the top of the page. Note: If you delete, the developer will retain the stored data it has collected. delete-apps

Clicking the pencil icon takes you to a dialog box as I showed before. Let’s go back to Candy Crush Saga.

candy-crush-saga-1

candy-crush-app2

To revoke any of these permissions, just click the blue circle/white check mark to de-select it, then click Save. I suggest de-selecting all but those that are required.

As mentioned above, the best route before deleting any app is to request that developers delete the stored data they’ve collected from your account.

“Ask” Developers to Delete Stored Data

Note: This system is not working. [Update April 6, 2018: This system is now working.]

In the editing dialogue box, (always near the bottom of the list, so you’ll have to scroll) you’ll see:

1) Remove Info Collected by the App (don’t bother clicking on Learn More, the Help page is, unsurprisingly, outdated,

2) Get Help from App Developers (be sure to copy your App User ID from this section),

3) Click Report App at the bottom (to the left of the Cancel button).

request-data-delete-id

This is the most insane part. Users are required to “ask” each developer (see 1, above) to delete stored data. So, if you have 10 apps, you have to make 10 separate requests. If you have 100…well, you’ll be busy for a while.

That Facebook uses the term “ask” is telling, in my opinion. Why not “require”? “Ask” implies that developers have a choice to refuse or ignore the request. Even if the request is honored, there doesn’t seem to be a mechanism in place to notify users that their data was deleted. Additionally, we’ll never know everything that was collected, exactly how our data was used or who else may have had access to it.

Still, I believe this is something every Facebook user should attempt to do.

After clicking Report App, you’ll see the following dialogue box. Click I want to send my own message to the developer.

send-own-message-app-dev

Click Send a message to the developer.

message-app-developer

 

In the Contact the Developer box type your email address and message requesting data deletion. In the instructions Facebook states your User ID will be included in the message. I suggest pasting in the ID number that you copied earlier, just to be sure.

contact-app-developer-dialogue2

As shown above, clicking send prompts the following error message at the moment.

request-app-data-delete-broken

Final Recommendations

I recommend going through every app attached to your Facebook account and, for those you want to keep, click through and edit/limit the permissions you’ve granted (just deselect the blue circle/white check mark).

If you have apps that you no longer use or don’t remember downloading, delete them (request data deletion from developer first, assuming Facebook fixes that feature).

Use extreme caution before giving apps permissions to access your account. Remember you are the first line of defense when it comes to keeping your data safe.

###

My goal is to share information that helps us all stay safe on social media. If you have any questions, please feel free to ask!

If this article was helpful, please share with your friends.

 

 

 

Carole Billingsley (@YouSeekSocial) is a social media consultant and trainer. Combining her social media expertise with her decades of experience in entertainment and education, Carole founded Seek Social Media in 2011. She is known for her ability to make technical and social media topics easy to understand for even the least tech-savvy business owner. Specialty areas: social media, customer experience, digital presence, crisis management.

Leave a Reply

Show Buttons
Hide Buttons