Facebook has been under fire over its flawed user privacy guidelines for close to a month, ever since the Cambridge Analytica controversy surfaced in mid-March. Now, the company has officially revealed the actual number of users whose data was compromised. Shockingly, it's almost 75 percent more than the 50 million that was previously reported.
Mike Schroepfer, chief technology officer at Facebook, published the details of the activities of Cambridge Analytica, which he said accessed the user-data of more than 87 million people.
Using the Aleksandr Kogan-developed app — This Is Your Digital Life — on Facebook in 2014, it accumulated more than 70.6 million (81.6 percent of the total) people's personal information in the US alone, followed by the Philippines (1.76 million), Indonesia (1.096 million), the UK (1.08 million), Mexico (789,880) and Canada (622,121).
Cambridge Analytica also tracked 562,445 Indian citizens on Facebook. [Complete data below]
Taking note of the severity of the flaws in its platform, Facebook has laid out more stringent guidelines for third-party apps that seek access to user-profile data.
"Two weeks ago we promised to take a hard look at the information apps can use when you connect them to Facebook as well as other data practices. Today, we want to update you on the changes we're making to better protect your Facebook information," Schroepfer said in a statement.
Here are the new Facebook guidelines:
Events API: Previously, if people granted an app permission to access information about events they host or attend, including private events on Facebook, their personal information was visible to others (personally unknown to the user) who also intend to attend the event. Starting now, apps using the API will no longer be able to access the guest list or posts on the event wall. And in future, only Facebook-approved apps that agree to strict requirements will be allowed to use the Events API.
Groups API: All third-party apps using the Groups API will need approval from Facebook and a group administrator to ensure they benefit the group. Apps will no longer be able to access the member list of a group. And, Facebook is also removing personal information such as names and profile photos attached to posts or comments that approved apps can access.
Pages API: Up until now, any app could use Pages API to read posts and comment on any page. This let developers create tools for Page owners to help them do things like schedule posts and reply to comments or messages. Apparently, it also let apps access more data than necessary. From now on, all future access to the Pages API will need to be approved by Facebook.
Facebook login: The company is tightening the review process on all apps that request access to information such as check-ins, likes, photos, posts, videos, events, and groups. Also, Facebook will no longer allow apps to ask for access to personal information such as religious or political views, relationship status and details, custom friends lists, education and work history, fitness activity, book reading activity, music listening activity, news reading, video watch activity, and games activity. In the coming days, Facebook will remove developers' ability to request data people shared with them if it appears they have not used the app for the last three months.
Instagram Platform API: The company is closing down the Instagram API from Facebook to block third-party apps from reading public media on a user's behalf [more info here].
Search and Account Recovery: Users were earlier allowed to enter the phone number or email ID in Facebook search to track a particular person, but some people have been known misuse this feature to access personal information of individuals without consent. So, Facebook has disabled this search feature and is also making changes to the account recovery process to reduce the risk of information-scraping of unknown people.
Call and Text History: This has long been an opt-in feature in Facebook app for Android. To make it crystal clear, the company has said it doesn't collect any text messages, but logs calls and frequency of texts between users, so that Facebook can put those people on top of the contact list. Also, Facebook has promised to delete all logs older than one year. In future, the client will only upload to Facebook servers the information needed to offer this feature — not broader data such as the time of calls.
Data Providers and Partner Categories: Facebook has shut down Partner Categories, a product that let third-party data providers push "targeted ads" directly to users on Facebook.
App controls: Starting April 9, Facebook will show people a link at the top of their News Feed so they can see what apps they use — and the information they have shared with those apps. Users will also be able to remove apps they no longer want. As part of this process, Facebook will also tell people if their information may have been improperly shared with Cambridge Analytica.
Facebook has promised to make even more changes in its user privacy guidelines.
Stay tuned. Follow us @IBTimesIN_Tech on Twitter for the latest news on Facebook.