FTC: Facebook Lied About App-Security Program

The US Federal Trade Commission has accused Facebook of deceiving developers after it emerged that the company did nothing to verify the security of applications it was paid tens of thousands of dollars to review, and which it assured users had been checked and approved.

The investigation by the FTC reveals that the company may have had a bogus security review process for applications being published on its platform. It was called the Application Verification Program, ran between May 2009 and December 2009, and would award a Verified App badge to an app that passed its “tests.” In order to get the badge, a developer had to pay $375, or $175 if the developer was a student or a non-profit organization.

The program promised to “offer extra assurances” that the Verified App was “secure, respectful, and transparent,” but the FTC says Facebook did nothing extra at all.

“Contrary to the statements set forth in paragraph 46, before it awarded the Verified Apps badge, Facebook took no steps to verify either the security of a verified application’s website or the security the application provided for the user information it collected, beyond such steps as it may have taken regarding any other Platform Application,” said the FTC in its investigation.

Consumers also could have been deceived by the “verified” tick marks, the FTC suggested, as the program “is designed to offer extra assurances to help users identify applications they can trust […] that are secure, respectful and transparent, and have demonstrated commitment to compliance with platform policies.” But instead, Facebook “took no steps to verify either the security of a verified application’s website or the security the application provided for the user information it collected, beyond such steps as it may have taken regarding any other platform application,” the FTC said. That means Facebook could have been endorsing potentially irresponsible and dangerous applications, and users would’ve never known.

Facebook closed the Verified Apps Program after just six months, in December 2009, saying that it would extend “the idea of verification to apply to all of the applications on the Facebook platform.”

254 apps were awarded the badge, meaning Facebook could have made around $95,000 from the program (on the high end).

Facebook settled its case with the FTC on Friday. The FTC investigated Facebook for privacy concerns in 2009 after the company made some changes to user privacy settings. In its new privacy policy at the time, Facebook decided that a number of profile features would be set as public by default. Specifically, profile pictures, names, friend lists, locations, and more were set to public, where users may have previously set those pieces of information to be visible by friends only. The FTC didn’t like this because Facebook did not receive explicit permission from its users to publicize said information. In the settlement, Facebook agreed to 20 years of privacy audits performed by a third-party watchdog.

Facebook is becoming quite notorious for its privacy issues, and people are likely losing trust in the company. As one of the biggest companies in the public eye, it really needs to get its act together.

[Image Credit: Andrew Feinberg / Flickr]