Tuesday, November 11, 2014

How Facebook Decides Which Apps Get To Take Your Data

Earlier this year, Facebook implemented a review of apps that use Facebook login. Here are the results.



BuzzFeed / Matthew Lynley


Earlier this year, Facebook implemented a review system for applications that access a user's Facebook data when they log in, as part of a crackdown on rogue apps that were asking for too much personal information.


And so far, it seems like it's working. Outside of the basic permissions every app is given, the average number of extended permissions developers now ask for -- such as permission to post messages on a user's wall or to see what a user has liked -- has dropped to two (it used to be five). The team has looked at about 25,000 apps since it implemented the review process, and though that number is still increasing, product manager Sean Leow said most applications are able to be reviewed in about a day.


One benefit of this tighter policing of how much data apps ask for: People become more likely to use them. "You just feel lighter going into the app," Leow said. "Anecdotally we see with many apps the actual install rate, if you're seeing less things you need you're gonna install that app more."


Facebook's developer operations team mixes technical expertise with a more human understanding of how their product is used. New recruits have to go through technical questions about databases — the team is constantly looking for ways to streamline the process with the data they gather — as well as walking through specific cases of how an application and a user interact.


"We have a couple principles that are, on a high level, what is the spirit of the law and what is the spirit of how people should use things," Leow said. "You run into gray areas or edge cases, those are the ones where we need to sit down as a group and say, hey this doesn't fall into a bucket, we talk with our team, the people who build it, and then we record it down in an internal wiki so we have reference on how we made a decision. Everything is still evaluated on a case-by-case basis."





Facebook says the changes are in the best interest of developers and users. But they also seem to be part of a conscious effort to get users more comfortable with sharing their information, even as privacy concerns and security breaches abound. Each app gets access to three basic permissions: your Facebook profile, which includes public information like your profile photo; your email address; and which friends are using the app you are logging into.


But when developers ask for more permissions — like publishing stories to News Feed — the app has to go through the company's new app review process. Some examples include access to sensitive parts of a person's profile that aren't public, permission to manage the Facebook pages a person manages, or extended permissions that interact with a user's personal profile, like publishing stories to a user's News Feed.


Each app is reviewed by a member of Leow's team, rather than just going through an automated system, he said. When an application is submitted that uses Facebook login, the developer operations team flips through it to ensure that the app fulfills some of the best practices that Facebook requests for an application.


Part of that is ensuring it's obvious when and where people are logging into Facebook, and the other part is ensuring users aren't surprised when an application automatically starts publishing stories on their News Feed, for example. The review process can be stringent, with applications going through an internal review system where a member of the team checks how the application actually uses every single permission it is asking for.


"It's one of the ways we want to make people feel comfortable, when they press login they feel like that's a good experience," he said. "I'm not scared to push this button, they see the dialog where the app is looking for two pieces of data, that makes sense, it means I'm gonna have that good experience, versus when you go into some apps they may ask you for 50 things, that doesn't feel great."


Sometimes that results in Facebook bouncing the app back to the developer, but that usually includes some commentary about why the app didn't make it through. The login review process began earlier this year after being announced at Facebook's developer conference, f8.


Initially, the review period was expected to be about seven days, but the actual process only takes about a day to complete. Still, Facebook is expecting the number of applications asking for permissions to increase over time, especially with a deadline approaching for existing apps using Facebook Login that need to re-submit their apps for review before its next developer conference in 2015.



