Facebook accused of deceiving developers over security
Facebook has been accused of deceiving developers after it emerged that the social networking site did nothing to verify the security of applications it was paid tens of thousands of dollars to review, and which it assured users had been checked.
It is believed Facebook was paid up to $95,000 (£60,600) by developers whose applications were entered into its verified apps scheme.
The system gave a green tick of approval to apps that passed what Facebook described as its “test for trustworthy user experiences”.
An investigation by the US Federal Trade Commission (FTC) revealed that Facebook took no steps to review the applications in its now-closed scheme. Facebook awarded the verified badge to 254 applications, according to the FTC.
Developers paid Facebook $375, or $175 for a student or non-profit organisation, to be given the green tick. Verified apps were given other benefits including prominence in its search results and a higher ranking on the directory of apps.
Facebook had said it would subject the apps to a “detailed review process”, and then give the verified badge to apps that the social network decided were “secure, respectful and transparent”.
However, the FTC described the programme as “deceptive” in a 19-page list of wider privacy charges against Facebook.
“Contrary to the statements set forth in paragraph 46, before it awarded the Verified Apps badge, Facebook took no steps to verify either the security of a verified application’s website or the security the application provided for the user information it collected, beyond such steps as it may have taken regarding any other Platform Application,” the FTC said.
Consumers could also have been deceived by the “verified” tickmarks, the FTC suggested, as the site said that the programme “is designed to offer extra assurances to help users identify applications they can trust… that are secure, respectful and transparent, and have demonstrated commitment to compliance with platform policies”.
But instead, Facebook “took no steps to verify either the security of a verified application’s website or the security the application provided for the user information it collected, beyond such steps as it may have taken regarding any other platform application,” the FTC said.
Facebook accepted a settlement with the FTC on Friday. Under its terms Facebook must allow an independent watchdog to make regular privacy inspections for the next 20 years. It came just a day after Google was fined a record $22.5m (£14.4m) by the FTC for circumventing privacy protections on Apple’s Safari web browser.
Facebook closed the verified apps program after just six months in December 2009, saying that it would extend “the idea of verification to apply to all of the applications on the Facebook platform”. Facebook agreed to undergo privacy vetting for 20 years.