Facebook: We'll pay you to track down apps that misuse your data

Facebook is rolling out a twist on its security bug bounty that will reward individuals for finding data misuse.
Written by Liam Tung, Contributing Writer

Still reeling from the Cambridge Analytica scandal, Facebook has announced a new category in its bug bounty program that targets "data misuse" in third-party Facebook apps.

Until now, Facebook's six-year-old bug bounty scheme has focused solely on technical security vulnerabilities. But, as part of the company's bid to win back the trust of users, it has announced that people will soon be able to use the program to report app developers who've been caught misusing data.

"Facebook's bug bounty program will expand so that people can also report to us if they find misuses of data by app developers. We are beginning work on this and will have more details as we finalize the program updates in the coming weeks," wrote Ime Archibong, Facebook's vice president of product partnerships.

The expanded bug bounty is part of Facebook's review of its operations aimed at addressing problems that allowed 50 million Facebook users' data to be handed to UK big-data political consultancy Cambridge Analytica by the developer of a Facebook quiz app.

Facebook announced a major review of apps last week and unveiled these additional measures as the FTC confirmed it will investigate whether Facebook violated a 2011 settlement.

Facebook has paused all app reviews as of last week as it investigates apps that gained access to large amounts of user information before the launch of its app review process in 2014.

Archibong says developers who are caught misusing personally identifiable information will be banned from the platform. And in future Facebook intends to notify all users of apps that have been removed for misusing data.

Facebook plans to roll out new "rigorous policies and terms" for developers who build apps for others' businesses.

It is also rolling out a number of ways to manage apps. The company says it will turn off access to user information for apps that haven't been used for three months. It will also make choices to control app permissions more prominent.

Additionally, Facebook Login data collection will be restricted so that apps that haven't undergone a review can only access the user name, profile photo, and email address. Facebook will need to approve access to other data.
