Facebook Security Flaw Allowed 5,000 Developers to Collect Personal Data



All apps connected to your Facebook account should be prevented from accessing your personal data if they have not been in use for more than 90 days.

However, the social media platform says it erroneously allowed 5,000 developers to gather information from user profiles long after the time limit on their rights expired.

Facebook said that the lock-out failed to work due to a flaw in how it recorded inactivity. It also revealed that its estimate of 5,000 developers was only based on data available from the last few months.

“Recently, we discovered that in some instances apps continued to receive the data that people had previously authorised, even if it appeared they hadn’t used the app in the last 90 days,” the company said in a statement.

Facebook gave an example of how the error occurred. It said that if two Facebook friends used the same app, and only one friend kept using it after 90 days, the app could collect data from the inactive friend as well.


“For example, this could happen if someone used a fitness app to invite their friends from their home town to a workout, but we didn’t recognise that some of their friends had been inactive for many months,” the company said.
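A simplified model of the scenario Facebook describes, added here as an illustration and not Facebook's code: the flawed check looks only at the activity of the friend who still uses the app, while the corrected check also applies the 90-day limit to the person whose data is returned. All names, dates and profile values are constructed, and the exact cause inside Facebook's systems is an assumption.

```python
from datetime import datetime, timedelta

INACTIVITY_LIMIT = timedelta(days=90)  # the 90-day limit described in the article
NOW = datetime(2020, 7, 1)             # constructed "current" time

# Constructed sample data. (user, app) -> when that user last used the app.
LAST_USED = {
    ("alice", "fitness_app"): NOW - timedelta(days=2),    # still using the app
    ("bob", "fitness_app"): NOW - timedelta(days=200),    # inactive for months
}
# Fields each user authorised when first connecting the app.
GRANTS = {key: ("gender", "hometown", "language") for key in LAST_USED}
PROFILES = {
    "alice": {"gender": "f", "hometown": "Exampleville", "language": "en",
              "email": "alice@example.test"},
    "bob": {"gender": "m", "hometown": "Exampleville", "language": "sw",
            "email": "bob@example.test"},
}

def is_active(user, app, now=NOW):
    """True if this user has used this app within the inactivity limit."""
    last = LAST_USED.get((user, app))
    return last is not None and now - last <= INACTIVITY_LIMIT

def granted_fields(user, app):
    """Only the fields the user originally authorised, never the whole profile."""
    return {f: PROFILES[user][f] for f in GRANTS.get((user, app), ())}

def friend_data_flawed(app, caller, friend, now=NOW):
    # Assumed flaw: only the caller's activity is checked, so an active
    # friend keeps the inactive friend's grant alive.
    return granted_fields(friend, app) if is_active(caller, app, now) else {}

def friend_data_fixed(app, caller, friend, now=NOW):
    # The limit is enforced on the data subject as well as on the caller.
    if is_active(caller, app, now) and is_active(friend, app, now):
        return granted_fields(friend, app)
    return {}

def stale_grants(now=NOW):
    """Audit helper: grants that should already be locked out."""
    return sorted(k for k in GRANTS if not is_active(k[0], k[1], now))
```

Running `stale_grants()` over real grant records is the kind of check that surfaces users whose access should have expired, independent of which code path serves the data.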

The personal information gathered includes gender, hometown and language, among others. Facebook said that although the apps collected data long after the time limit had expired, the data they collected was the data they had been granted access to the first time the user gave permissions.

“We fixed the issue the day after we found it,” the company said. It did not disclose the number of users who had been affected by the flaw.

The harvesting of Facebook users’ personal information by third-party apps was at the centre of the Cambridge Analytica privacy scandal that was exposed in 2018.


Cambridge Analytica’s app on Facebook was reported to have harvested data not only from people who used it, but also from friends who had not given consent. The company built a vast and lucrative database as a result.

Facebook’s chief executive Mark Zuckerberg was then questioned by the US Congress on how his company had been dealing with users’ personal information, and that is when Facebook announced a new policy on 90-day lock-outs for apps.

But the company has now reported that the limit did not work properly.


This is the most recent issue in a long line of privacy issues on Facebook.

In November last year, it was reported that a flaw in the groups feature allowed for harvesting of personal data from some groups.

Facebook’s annual profits, announced in January, showed that the figures had fallen for the first time in five years, partly due to settlements made to regulators over privacy issues on the app.


Written by Vanessa Murrey
