CBSN

Facebook: We'll pay you to report apps that misuse data

Still reeling from the Cambridge Analytica scandal, Facebook has announced a new category in its "bug bounty" program that targets "data misuse" in third-party Facebook apps. Until now, Facebook's six-year-old bug bounty scheme has focused on rewarding those who find technical security vulnerabilities. But as part of the company's bid to win back the trust of users, it announced that people will soon be able to use the program to report app developers who've been caught misusing data, ZDNet's Liam Tung reports.

"Facebook's bug bounty program will expand so that people can also report to us if they find misuses of data by app developers. We are beginning work on this and will have more details as we finalize the program updates in the coming weeks," Ime Archibong, Facebook's vice president of product partnerships, wrote this week.

The expanded bug bounty is part of Facebook's review of its operations aimed at addressing problems that allowed 50 million Facebook users' data to be handed to Cambridge Analytica, a U.K. big-data political consultancy, by the developer of a Facebook quiz app.

Facebook announced a major review of apps last week and unveiled these additional measures as the FTC confirmed it will investigate whether Facebook violated a 2011 settlement over its privacy practices.

Facebook has paused all app reviews as of last week as it investigates apps that gained access to large amounts of user information before the launch of its app review process in 2014.

Facebook's Archibong said developers who are caught misusing personally-identifiable information will be banned from the platform. And in the future, Facebook intends to notify all users of apps that have been removed for misusing data.

Facebook says it plans to roll out new "rigorous polices and terms" for developers who build apps for others' businesses.

It is also rolling out a number of ways to manage apps. The company announced a number of steps last week, including turning off access to user information for apps that haven't been used for three months. It will also make the options for controlling app permissions more prominent.

Additionally, Facebook Login data collection will be restricted so that apps that haven't undergone a review can only access a user's name, profile photo, and email address. Facebook will need to approve access to other data.

The developments comes amid other changes. On Wednesday, Facebook announced an overhaul of its privacy controls to make them easier to use. Among the changes is a redesign of its privacy settings for mobile phones so that they'll appear on a single screen, instead of spread across 20 different screens. Facebook is also vowing to make it easier to find privacy, security and advertising information with a new Privacy Shortcuts menu. 

Facebook has faced fierce criticism for obtaining users' data through terms and conditions buried in fine print and from which it is extremely hard to opt out, or to know that opting out might be advisable.

It's unclear whether the latest changes will convince consumers who have deleted their Facebook accounts to return to the service, or whether it will assuage lawmakers and privacy advocates who have expressed concerns about Facebook's collection and use of personal data. 

Jessi Hempel, a senior writer at WIRED, pointed out Wednesday on CBSN that Facebook isn't the only platform on which consumers share "way too much data."

"Facebook is the face of a larger problem — the problem of big data and privacy — and it's so large and nebulous and intractable that we have no real way to understand it, and so we wait until one of these whistleblowers come along, and that will be keep happening."

"And I would like to believe that eventually it will change consumer behavior," she said.