Facebook said Friday it has suspended "tens of thousands" of apps that may have mishandled users' personal data, sparking fresh concerns about the tech giant's privacy practices and exposing it to another potential standoff with US regulators.
The suspended apps vastly outnumber the hundreds that Facebook previously said it had taken action against in the wake of the Cambridge Analytica scandal. But the tech company gave little detail about what the apps had done wrong, or even the names of the apps, saying only that they were associated with about 400 developers and had been targeted for a "variety of reasons."
The suspensions come 18 months after Facebook began investigating the security of people's data when accessed by developers and other partners. Facebook said in a blog post that it had investigated millions of apps and targeted those that had access to "large amounts of information" or had the "potential to abuse" its policies. The company said some of the apps were banned for inappropriately sharing users' data, the same violation of company policy that led to the Cambridge Analytica scandal. It added that its investigation isn't yet complete.
But the apps Facebook found as part of its internal probe may have posed a greater threat to users than the company portrayed.
Facebook "identified approximately 10,000 applications that may also have misappropriated and/or misused consumers' personal data," according to court documents also unveiled Friday from Massachusetts' attorney general, which has been probing Facebook's data-collection practices for months. The court filings say 6,000 apps had a "large number of installing users" and 2,000 exhibited behaviors that "may suggest data misuse."
The new revelations add to Facebook's mounting woes, illustrating that the company's efforts to improve its privacy practices remain a work in progress, compounding users' fears about the tech giant. Facebook's limited disclosures also are likely to rankle regulators, who have pushed the company to provide greater transparency and oversight.
Sen. Ron Wyden, D-Ore., said, "This wasn't some accident. Facebook put up a neon sign that said 'Free Private Data,' and let app developers have their fill of Americans' personal info. The FTC needs to hold Mark Zuckerberg personally responsible."
"Our goal is to bring problems to light so we can address them quickly, stay ahead of bad actors and make sure that people can continue to enjoy engaging social experiences on Facebook while knowing their data will remain safe," said Ime Archibong, the company's vice president of product partnerships.
Some of the apps were suspended before they had become available to mainstream users. Many were still in their testing phase at the time of suspension, Archibong said.
But Facebook appeared to know about some of the problematic apps months before it revealed its suspensions to the public. Since last year, the company had been locked in a legal war with the Massachusetts attorney general, a standoff that became public as a result of court documents unsealed Friday.
Massachusetts's top enforcement official initially went to court to compel Facebook to turn over more information in connection with that probe, including the identification the roughly 10,000 apps may have misused data, according to its petition. Facebook, however, argued it is not required to identify any of them on grounds it is "protected attorney work product," the attorney general contends.
The company's admissions are likely to reignite calls for heightened regulation of Facebook, while infuriating critics in Congress who believe the social-networking giant has escaped tough punishment for its past privacy abuses. Lawmakers including Sens. Richard Blumenthal, D-Conn., and Josh Hawley, R-Mo., sharply challenged Facebook chief Mark Zuckerberg over his company's data collection practices during private meetings in Washington this week.
"And now, barely 24 hrs after insisting to my face that Facebook takes personal privacy more seriously than anything else, FB reveals potentially massive data breaches," Hawley tweeted Friday.
The Federal Trade Commission in July issued a record-breaking US$5 billion ($7.9b) fine and other penalties against Facebook for a series of privacy scandals, including its missteps related to Cambridge Analytica. The settlement ending the probe, which isn't final until it is approved in federal court, also required Facebook to submit to unprecedented government oversight of its privacy practices, while policing third-party apps more aggressively. But critics, including the FTC's Democratic commissioners, argued that it failed to hold Facebook fully accountable and did little to change the company's data collection practices.
"The FTC was aware of a widespread problem involving app developers on Facebook's platform and that's why the agency obtained the relief it did," spokeswoman Juliana Gruenwald said in a statement. "The FTC did a thorough investigation that found Facebook was not adequately policing third party app developers." The agency declined to detail the exact evidence it obtained, including whether it probed the thousands of apps Facebook suspended Friday.
On Friday, Facebook again did not name the apps or developers it suspended. In May, the company sued the South Korean analytics firm Rankwave, saying the company had offered dozens of apps to people and businesses but had refused to cooperate in Facebook's investigation.