Facebook Has Discovered Another Data Access Issue, This Time Within Groups
I feel for the person having to update the variation of this sign in Facebook's Menlo Park HQ:
But, unfortunately, the time has come once again. This week, on the Facebook Developer blog, the company has revealed that a flaw in its Groups API may have enabled up to 100 app partners to access group member information, like names and profile pictures, in connection with group activity.
As explained by Facebook:
"Before April 2018, group admins could authorize an app for a group, which gave the app developer access to information in the group. But as part of the changes to the Groups API after April 2018, if an admin authorized this access, that app would only get information, such as the group’s name, the number of users, and the content of posts. For an app to access additional information such as name and profile picture in connection with group activity, group members had to opt-in."
Facebook made significant changes to its APIs to limit access in April 2018, and this description above is how the new process is supposed to work. But there was a flaw in Facebook's system: