As we’ve said many times, Six4Three — creators of the Pikinis app — cherrypicked these documents from years ago as part of a lawsuit to force Facebook to share information on friends of the app’s users. The set of documents, by design, tells only one side of the story and omits important context.
We still stand by the platform changes we made in 2014/2015, which prevented people from sharing their friends’ information with developers like the creators of Pikinis. The extensions we granted at that time were short term and only used to prevent people from losing access to specific functions as developers updated their apps. Pikinis didn’t receive an extension, and they went to court.
The documents were selectively leaked to publish some, but not all, of the internal discussions at Facebook at the time of our platform changes. But the facts are clear: we’ve never sold people’s data.
Unfortunately, select quotes from these documents have been released to suggest things that are false. For example, accusations about potential misuse of our APIs were made in a recent hearing before the DCMS Select Committee, but the full story was omitted. We ultimately released the emails showing that engineers who initially raised questions about “billions” of API calls realized there were only about 6 million legitimate calls from Pinterest, not a Russian actor.
Responses to Specific Areas
There is an important distinction between friends’ data and friend lists.
We changed our platform policies in 2014/15 to prevent apps from requesting permission to access friends’ information. The history of Cambridge Analytica shows this was the right thing to do. For most developers, we also limited their ability to request a list of who someone’s friends were, unless those friends were also using the developer’s app. In some situations, when necessary, we allowed developers to access a list of the users’ friends. This was not friends’ private information but a list of your friends (name and profile pic). (Updated on December 5, 2018 at 2:15PM PT to clarify the nature of the information that could be requested.)
In addition, white lists are also common practice when testing new features and functionality with a limited set of partners before rolling out the feature more broadly (aka beta testing). Similarly, it’s common to help partners transition their apps during platform changes to prevent their apps from crashing or causing disruptive experiences for users.
Value of Friends’ Data
The developer platform is free for developers to use.
We explored multiple ways to build a sustainable business with developers who were building apps that were useful to people. But instead of requiring developers to buy advertising – the option discussed in these cherrypicked emails – we ultimately settled on a model where developers did not need to purchase advertising to access APIs and we continued to provide the developer platform for free.
In 2013, Facebook had the following “reciprocity” provision in its Facebook Platform Policies:
“Reciprocity: Facebook Platform enables developers to build personalized, social experiences via the Graph API and related APIs. If you use any Facebook APIs to build personalized or social experiences, you must also enable people to easily share their experiences back with people on Facebook.”
This policy required developers to give people the option to share information back to Facebook through the developer’s app. This meant that you could share your app experience (game score, photo, etc.) back to your Facebook friends if you wanted to. People had the choice about whether they did this or not.
Call and SMS History on Android
This specific feature allows people to opt in to giving Facebook access to their call and text messaging logs in Facebook Lite and Messenger on Android devices. We use this information to do things like make better suggestions for people to call in Messenger and rank contact lists in Messenger and Facebook Lite. After a thorough review in 2018, it became clear that the information is not as useful after about a year. For example, as we use this information to list contacts that are most useful to you, old call history is less useful. You are unlikely to need to call someone who you last called over a year ago compared to a contact you called just last week.
(Updated on December 5, 2018 at 1:20PM PST after receiving additional questions from press about some emails that discuss possible permission updates for Call and SMS history on Android. The below paragraph provides further clarification.)
The feature is opt in for users and we ask for people’s permission before enabling. We always consider the best way to ask for a person’s permission, whether that’s through a permission dialog set by a mobile operating system like Android or iOS, or a permission we design in the Facebook app. With this feature, we asked for permission inside the Facebook Messenger app, and this was a discussion about how our decision to launch this opt-in feature would interact with the Android operating system’s own permission screens. This was not a discussion about avoiding asking people for permission.
Onavo provides people with a free VPN app that creates a safer connection while you’re using apps or accessing the web on your phone. As part of providing the service, Onavo collects information about app usage to gain insights into the products and services people value, so we can build better experiences. We’ve always been clear when people download Onavo about the information that is collected and how it is used, including by Facebook. We let people know before they download the app and on the first screen they see after installing it. Also, people can opt-out via the control in their settings and their data won’t be used for anything other than to provide, improve and develop Onavo products and services. Websites and apps have used tools like Onavo for market research services for years. We use Onavo, App Annie, comScore, and publicly available tools to help us understand the market and improve all our services.
Targeting Competitor Apps
We built our developer platform years ago to pave the way for innovation in social apps and services. At that time we made the decision to restrict apps built on top of our platform that replicated our core functionality. These kind of restrictions are common across the tech industry with different platforms having their own variant including YouTube, Twitter, Snap and Apple. We regularly review our policies to ensure they are both protecting people’s data and enabling useful services to be built on our platform for the benefit of the Facebook community. As part of our ongoing review we have decided that we will remove this out-of-date policy so that our platform remains as open as possible. We think this is the right thing to do as platforms and technology develop and grow.