
Access to information by Facebook applications (in pictures)

When you add a new application on Facebook or register with it on a website, the application gets access to your information. Developers now have about 60 different permissions through which they can access, create and manage your information.







An application has access to some information (the public part) by default, and it can ask you for separate permissions to the rest of what it needs in order to work.

How to protect yourself: read on.



A detailed list of permissions is available in the Facebook documentation (in English).

Permissions can be divided into those that:

  1. Allow getting data (“read-only”): personal and contact information, lists of friends, groups, interests and other things.
  2. Allow managing data (create, modify, delete): publishing statuses, notes, photos, responses to event requests, posts and site visits.


On the other hand, permissions are divided into access to the user's information and access to the information of the user's friends.


You can control the level of access to your information inside and outside of Facebook. To protect yourself, follow the guidelines described below.



Privacy management


Your name, profile picture, gender, community and username are open to all. You can configure the rest of the information in “Privacy Settings”, through the “Account” menu on Facebook. In the “Applications and websites” section, first of all you should pay attention to the “Information accessible through your friends” block. Here you can specify what information is available for applications and websites in case your friends use them.





Application and Website Control


From the “Privacy Settings” page you can go on to edit your applications. Here you can delete an application completely; it will then no longer be able to work with your data until you open the application again and allow the necessary permissions. Remove applications that are unwanted or that spam. For the rest, you can go through the settings by clicking “Change Settings”.



For the selected application information is available:







Permissions


Once you have configured which information you leave public and which is available to applications through your friends, and have checked the settings of the applications you have added, look at the permissions that applications may request.







Separate permissions can be combined under one icon and displayed as a list in the description. Compare the first three icons to the left.



If an application requests your email, you can choose whether to give your real email address or a proxy email address. In the latter case you are given an arbitrary address, and mail sent to it is forwarded to you. After you break the connection with the application, it can no longer send you mail, since it does not know your actual mailbox. Quite often, developers check which type of email address you have given and block access until you hand over your real address.



There are 2 permissions for managing events:
  1. create_event - allows creating and changing events and inviting friends
  2. rsvp_event - allows responding on whether you will attend an event (RSVP is a note on an invitation asking the recipient to reply, from the French “Répondez s'il vous plaît”)


The permission “Leave posts on my wall” allows an application to create notes, post statuses and links, leave comments and likes, and upload photos. If you give an application this permission, it can do so at any time, regardless of whether you are online or using the application.



When an application wants to access information at any time, it requests the offline_access permission - “Access my data at any time.” To access information, the application uses an access_token - a unique user key. Normally this key lives for about an hour and is constantly renewed, but if you allow offline access, the application receives an “eternal” access_token.



An application can manage the pages of which the user is an administrator. To do this, it asks for the manage_pages permission - “Manage my pages”.
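
The classification above (read vs. manage, your data vs. your friends' data) can be applied mechanically to the permission list an application requests. The following is an added example, not code from the original article or from Facebook: the comma-separated scope string, the publish_stream name for “Leave posts on my wall”, the friends_ prefix convention and the sample application are assumptions based on the legacy permission names.

```python
# Added example (not from the article): audit a requested permission list.
# Names come from the article plus legacy Facebook permissions; publish_stream
# is assumed to be the permission shown as "Leave posts on my wall".
MANAGE = {"create_event", "rsvp_event", "publish_stream", "manage_pages"}
WARNINGS = {
    "offline_access": "access_token does not expire",
    "publish_stream": "can post at any time, even when you are not using it",
    "manage_pages": "can manage the pages you administer",
}


def classify(permission):
    """Return (action, subject) along the article's two axes."""
    action = "manage" if permission in MANAGE else "read"
    # Legacy naming convention: friends_* permissions cover friends' data.
    subject = "friends" if permission.startswith("friends_") else "user"
    return action, subject


def audit(scope, needed=()):
    """Audit a comma-separated scope string; `needed` is what the app can justify."""
    requested = [p.strip() for p in scope.split(",") if p.strip()]
    report = {"read": [], "manage": [], "friends_data": [], "warnings": []}
    for perm in requested:
        if perm in WARNINGS:
            report["warnings"].append(f"{perm}: {WARNINGS[perm]}")
        if perm == "offline_access":
            continue  # changes the token lifetime, not what can be read or changed
        action, subject = classify(perm)
        report[action].append(perm)
        if subject == "friends":
            report["friends_data"].append(perm)
    # Least privilege: everything requested beyond the justified set is excess.
    report["excess"] = sorted(set(requested) - set(needed))
    return report


# Constructed sample: scope requested by a hypothetical quiz application.
SAMPLE_SCOPE = "email, user_birthday, friends_birthday, publish_stream, offline_access"

if __name__ == "__main__":
    for key, value in audit(SAMPLE_SCOPE, needed=("email",)).items():
        print(f"{key:13}{value}")
```

The `needed` argument is the set a developer can actually justify, so the `excess` list is what recommendation 1 in the developer section below asks to drop from the first request.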



For developers


Finally, a few recommendations to application developers:

  1. Ask for as few permissions as possible to get started with the application. Ideally, the landing page should open regardless of whether I have allowed access to the application. On this page you can explain why I should allow access and give me the opportunity to do so consciously. The refusal rate will be lower.
  2. If the user has allowed access, do not show the landing page. Perform authorization immediately on the server side, without multiple reloads of the application's iframe window, and let the user get started right away.
  3. Do not take action if you have not clearly received approval from the user. Virality achieved through spam reduces loyalty to the application. Instead of automated publications and invitations, offer similar options via Dialogs.
  4. Follow Facebook's rights and rules for developers.

Source: https://habr.com/ru/post/117205/


