Does that Facebook App Have a Privacy Policy? Probably Not.
When you're installing a new Facebook application, you probably don't think about the app's privacy policy, but perhaps you should. After all, the privacy policy is where the company spells out exactly what they can and will do with your personal user information. However, according to the findings released yesterday on the site Social Hacking, the state of Facebook application privacy policies leaves a lot to be desired. After delving into the current list of the top 25 applications, some disturbing information was revealed. For example, 36% of these top apps had no published privacy policy whatsoever or only offered a link to it after you authorized the application.
Does That App Have a Privacy Policy? Probably Not
Each of the top 25 applications on Facebook have at least 5.5 million monthly active users and 12 of these apps are labeled as "Facebook Verified," a designation which essentially means they have been given the Facebook seal of approval when it comes to their trustworthiness. But how trustworthy are these apps, really?
To determine the state of application privacy policies, "theharmonyguy" (the anonymous blogger who maintains the site Social Hacking) looked for links on the app's Info page referring to a privacy policy, looked for links within the app's TOS (Terms of Service) page, and looked within the help/support pages, too. Plaintext URLs were also counted as links, if present.
In nearly a third of the applications, there was no link to a privacy policy listed.
Among the apps with no privacy policy are the #3 app "How Well Do You Know Me," the #5 app "MyCalendar," and the #12 app "Farm Town," among others.
Two of the applications only provided a link to the privacy policy after installation, one on the first page after installation and the other buried within a linked support page. One of these apps was the Facebook Verified app "We're Related." Seven applications included links in their Info pages, but in five of the seven, you would have to first click the "About" link to go to the developer's web site to discover the privacy policy link.
Eight applications included privacy policy links from links found on both the Info page and the TOS page. But only one application actually served up the privacy policy link directly from the application's Info page itself: CourseFeed.
Surprisingly, the "Facebook Verified" application known as RockYou Live (formerly Super Wall) offered no privacy policy whatsoever within the application or via its links to other pages. The About link pointed to a section of the application which requires user installation and the install page offered no TOS link, either. (And this is supposedly one of the trustworthy apps?)
Application Privacy: Old News Perhaps, But Still an Issue
Today, Facebook is busy defending itself against accusations that they're using user data for advertising purposes, but it seems that the real danger on Facebook may be the access to this same user data from unknown companies outside of the social network. This is not really a new issue - nearly a year and a half ago, Facebook application privacy issues were heavily discussed in the blogosphere for some time. It's interesting to look again at the status of this problem and see how little has changed since then.
In fact, today Facebook's Application Terms of Service warns you (shouts at you in UPPERCASE, no less) that:
"ALL PLATFORM APPLICATIONS ARE PROVIDED AS IS" and that "YOU UNDERSTAND AND AGREE THAT YOU DOWNLOAD, INSTALL AND/OR USE ANY PLATFORM APPLICATIONS AT YOUR OWN DISCRETION AND RISK."
Within your Privacy settings, you're also informed that:
"When you authorize an application, it will be able to access any information associated with your account that it requires to work. The application can access information like your personal info and photos as well as your friends' personal info (depending on their settings)."
In other words, you've been warned.
Why Doesn't Facebook Make Apps Offer a Privacy Policy?
It appears there's absolutely no requirement for Facebook applications to provide links to their own privacy policies to application users. And there's certainly no requirement that these links are prominently displayed for easy access.
This would be a simple policy for Facebook to enact, although perhaps a hard one to enforce in terms of man hours needed to keep tabs on all the apps across the social network. Someone would need to make sure that the apps not only offered privacy policies but also didn't remove the links after time passed and devious developers thought they could get away with the removal. Plus, there would still be the issue of the external privacy policies being updated after you agreed to them. What may have been innocuous at first could easily be updated to be quite terrible later on. Unless you routinely checked the privacy policy (which no one does) you would never know the change occurred.
Managing the network of applications could be made easier, however, with a little crowd-sourcing. There's already a "report this app" link provided at the bottom of all application pages. The link currently allows users to report privacy violations, so why not let users report the lack of a privacy policy, too? That seems like a good first step Facebook could take in this situation.
Although the majority of users would still probably never look at privacy policies even if changes were made, having them consistently and prominently displayed would at least put pressure on application developers to think more carefully about how they would access Facebook user data as this would now be disclosed. And that may be the best we could hope for when it comes to these applications.
Share
Facebook
Comments
Subscribe to comments for this post OR Subscribe to comments for all ReadWriteWeb posts
That's what you get when you allow other people to just make an app and upload it to a site unchecked. http://AppUseful.com
Would it be particularly difficult for Facebook to make app developers post their privacy policies to Facebook? No need for external links, and subsequent changes can be highlighted to uses via an automatic message (eg "IrritatingApp has changed its policy, click here to see what's changed" with a link to a simple line-by-line diff.
Once again, facebook shown to be a little too cavalier in their approach to privacy and site management. Good investigative tech reporting, RWW!
I am very tired? Use the other websites too. There are many interesting and new. Live free. I like www.allyos.com!
[url]http://allyos.com[/url]? Semantic Search and Video Search, Friends and mail like Facebook?
Facebook Application demand increasing now. Every Application Developer focusing to developed quality Facebook Applications. Nice info
Even if there were privacy policies - who could guarantee that the app makers would stick to them? Why doesn't Facebook simply offer the possibility for users to deny apps access to certain information? If you're using a quiz app why should it get to use and collect information such as photos, political views, sexual orientation etc??
It shouldn't be impossible to add this feature since it's already there (but strangely only with regards to friends' apps).
I recently came accross your blog and have been reading along. I thought I would leave my first comment. I dont know what to say except that I have enjoyed reading. Nice blog. I will keep visiting this blog very often.