SHARE

Who has access to the information in your Facebook profile?

How to find out and how to put a stop to it.

With the recent exposé from Channel 4 news about the practices of companies such as Cambridge Analytica harvesting data from Facebook and using it to target users with divisive political content, I though it was time to do a little post to show you one of the ways they achieve this, and how you can be a little more careful with what you do on Facebook in future.

Facebook allows apps to access various parts of your profile using something called an API. This is a standard programming tool that allows apps to plug in and interact with another app. In this case, Facebook’s API allows various apps access to your account, with your permission.

So, for example, you can link up your Instagram or Twitter accounts to Facebook so that whatever you post on one platform, gets cross posted on another.

So far, so good. A legitimate use of Facebook’s API.

What has been going on for a long time, however, is that there have been a whole swathe of click-bait “apps” created for the sole purpose of gaining access to your data via nothing more than social engineering tricks.

Think about the last time you clicked a link to a quiz, or an app to see what you look like as the opposite sex, what your moviestar poster looks like, or to Answer 10 questions and find out how romantic you are… the list of quizzes or click-bait apps out there is almost endless.

Using these click-bait links are the ways that some companies and organisations are using to get access to your data.

How does this work and how can I prevent my Facebook data being harvested in future?

*Note, I am making no claims about the apps or quizzes mentioned in this blog.
These are simply used as demonstrations on how apps gain access to Facebook’s API and access user’s data.

So, when you see something like this, on a friend’s Facebook page and are tempted to click the quiz to find out about you…Example of a Facebook Quiz Invitation.

You will be usually taken to a page like this which asks you to log in with Facebook.

Example of a Facebook app quiz asking for you to log in to Facebook

Clicking the login button takes you back to Facebook and shows you how much access you’re giving to the app, then inviting you to click the “Continue” button.

Confirm giving this app access to your Facebook info
Hands up, who ignored the bit in red and just clicked “Continue as…”?

Congratulations!
You have now given away access to your public profile, all your photos and your email address to who knows?!

Once you’ve answered the questions, the App generates a link and drops it on your profile so your friends can see it, comment and then (hopefully for the app makers), they will also click and want to answer 10 questions to find out what their spirit animal is, too!

Hooraaay, let’s all give our information away!


So if this is how apps gain access to your data, then how do we block them, now that we know we don’t want them?

Luckily on Facebook we can see which apps we have granted access to our data. My quick tutorial here will show you how to see not only who has access to your data, but how to clear those potentially troubling apps.

*Note I uninstalled the Facebook app from my phone a long time ago, so this step-by-step guide explains how to lock down your Facebook from the standard web application.

First thing’s first, we need to log in to Facebook and get the list of apps with access to our data.

Log in to your Facebook page and then go to the “settings” menu.

How to get to Facebook's Settings
If you can’t see the images properly, click them to see full sized versions.

Once you’re in settings, go over to the menu on the left and click “Apps”.

The Facebook Apps Setting

The apps menu is where you can see just which apps have access to your data.

I’m a tech nerd and am VERY careful about whom I give access to my data so I only have three apps with access to my Facebook profile.

Example of a clean list of Facebook apps

However, I asked a work colleague if they could show me their app list to better reflect what a typical Facebook user’s App profile might look like…

A user with hundreds of apps with access to their Facebook data.

That sure is a lot of apps with access to Facebook data!

My colleague claimed that they “never click those quizzes or games”, but it’s clear to see just how much you can give away without even realising it.  Apps or games you may have clicked five or ten years ago still have access to your data.

Clicking on the title of one of those apps will open up a window to tell you how much of your Facebook profile data it has access to.

We clicked on the Bingo app.

Facebook Bingo App Permissions

So you have to ask yourself, why would a Bingo game app need access to all of this information and much, much more? See the scroll bar on the right of that image? This thing had access to pretty much everything!

If your app list looks like the one above we probably need to look at how to start clearing some of these apps so they will no longer have access to our profile.

There are two ways to delete these apps.

1 – In the main list, simply click the “X” on the right of the app.  Click the cross to remove the Facebook appYou will be asked to confirm if you want to remove the app.
Click yes.

2 – In the app information window, at the bottom, you can see the link that says “Remove App”, click that.You will be asked to confirm if you want to remove the app.
Click yes.

For more information, see Facebook’s official help page, here:
https://www.facebook.com/help/170585223002660

This is all there is to it.

Carry on and delete all the apps you don’t want to have access to your Facebook profile.

What next?

Removing these apps doesn’t delete any data already collected about you. It just means that if you make further changes to your profile – relationship status, place of work, profile pictures etc etc, then those apps will no longer be given this new information via their access to your profile through Facebooks API, meaning they won’t get any future updated information about you or your private life.

Prevention is better than cure

Thinking about Facebook in day-to-day life, it’s probably worth re-iterating that you should avoid clicking those quiz apps, face generators, or accepting game invitations without first understanding just what information you’re giving away.

If in doubt, try to think: Does anybody really care what my movie star poster looks like, or what I look like as the opposite sex?

If you’re someone who loves posting quiz results on Facebook…

Please, just stop.

If the product is free, then you, or your data, are most likely the product!