Facebook said Friday it has suspended “tens of thousands” of apps that may have mishandled users’ personal data, sparking fresh concerns about the tech giant’s privacy practices and exposing it to another potential standoff with U.S. regulators.
The suspended apps vastly outnumber the hundreds that Facebook previously said it had taken action against in the wake of the Cambridge Analytica scandal. But the tech company gave little detail about what the apps had done wrong, or even the names of the apps, saying only that they were associated with about 400 developers and had been targeted for a “variety of reasons.”
However, the apps Facebook suspended appeared more dangerous than the company initially conveyed, according to court filings also made public Friday. One group of about 6,000 suspended apps had a “large number of installing users,” according to court filings from Massachusetts’ attorney general, which has been probing Facebook’s data-collection practices for months. Another group, a number for which isn’t shared, presented an “elevated risk of potential policy violations.” And a crop of about 2,000 apps, which underwent a technical review by Facebook, exhibited behaviors that “may suggest data misuse.”
The suspensions come 18 months after Facebook began investigating the security of people’s data when accessed by developers and other partners. They show the company’s efforts to improve its privacy practices remain a work in progress, compounding users’ fears about the tech giant. And Facebook’s limited disclosures are likely to rankle regulators, who have pushed the company to provide greater transparency and oversight.
Facebook said in a blog post that it had investigated millions of apps and targeted those that had access to “large amounts of information” or had the “potential to abuse” its policies. The company said some of the apps were banned for inappropriately sharing users’ data, the same violation of company policy that led to the Cambridge Analytica scandal. It added that its investigation isn’t yet complete.
“Our goal is to bring problems to light so we can address them quickly, stay ahead of bad actors and make sure that people can continue to enjoy engaging social experiences on Facebook while knowing their data will remain safe,” said Ime Archibong, the company’s vice president of product partnerships.
Some of the apps were suspended before they had become available to mainstream users. Many were still in their testing phase at the time of suspension, Archibong said.
But Facebook appeared to know about some of the problematic apps months before it revealed its suspensions to the public. For months, the company had been locked in a legal war with the Massachusetts attorney general over the matter, a standoff that became public as a result of court documents unsealed Friday.
Massachusetts’s top enforcement official had been investigating Facebook’s privacy practices since last year. It initially went to court to compel Facebook to turn over more information in connection with that probe, including the identification the roughly 10,000 apps that may have “misappropriated and/or misused consumers’ personal data,” according to its petition. Facebook, however, argued it is not required to identify any of them on grounds it is “protected attorney work product,” the attorney general contends.
The company’s admissions are likely to reignite calls for heightened regulation of Facebook, while infuriating critics in Congress who believe the social-networking giant has escaped tough punishment for its past privacy abuses. Lawmakers including Sens. Richard Blumenthal, D-Conn., and Josh Hawley, R-Mo., sharply challenged Facebook chief Mark Zuckerberg over his company’s data collection practices during private meetings in Washington this week.
The Federal Trade Commission in July issued a record-breaking $5 billion fine and other penalties against Facebook for a series of privacy scandals, including its missteps related to Cambridge Analytica. The settlement ending the probe also required Facebook to submit to unprecedented government oversight of its privacy practices, while policing third-party apps more aggressively. But critics, including the FTC’s Democratic commissioners, argued that it failed to hold Facebook fully accountable and did little to change the company’s data collection practices.
The FTC declined to comment. The settlement between Facebook and the agency is not final until it is approved in federal court.
On Friday, Facebook again did not name the apps or developers it suspended. In May, the company sued the South Korean analytics firm Rankwave, saying the company had offered dozens of apps to people and businesses but had refused to cooperate in Facebook’s investigation.