Facebook reportedly gave Russian Internet company Mail.ru a two-week extension to disable features on its messaging apps which gave the foreign firm access to Facebook users’ friend lists.
Facebook defended itself against greater scrutiny in relation to their handling of user data via a blog post which claimed that in 2014, the company changed an API element in order to prevent apps from collecting data on users friends. However, the company recently admitted that while the change was announced in 2014, some apps that already had access to users friends lists continued to have that access until May 2015.
Facebook acknowledged that many apps had access to these features for as long as six months after the initial API change, which was reportedly to allow for these companies to bring their apps “into compliance” with the new rules. Hundreds of apps continued to have access to users’ friends list data including dating app Hinge and music-streaming app Spotify.
One of the apps that surprisingly continued to have access to Facebook user data was from the Russian Internet firm Mail.ru.
Mail.ru was given a two-week extension to disable a feature on messaging apps that allowed users to see their Facebook friends list and message Facebook friends also using the Mail.ru app. During this time, Facebook claims that the app only had access to users’ friend lists and not the personal information of those friends, but for some time after that extension was in place, Mail.ru continued to run hundreds of apps on the platform operating under Facebook’s old rules. This allowed Mail.ru apps to continue to access the friend list of Facebook users.
A Facebook spokesperson told Wired magazine: “Some apps were built prior to the platform change in 2015, so they did have access to the earlier version of our platform. That made it possible for users to consent to sharing information about themselves, as well as their friends.”
Facebook claims that the majority of Mail.ru’s apps were private test apps and only a handful of them went live for user access. Facebook also stated that Mail.ru apps have not had access to users’ friend lists since May of 2015. Facebook, however, is investigating Mail.ru along with any other apps that had access to user data prior to API changes in 2015. A Facebook spokesperson stated: “We found no indication of misuse with Mail.ru. If we detect any suspicious activity or potential misuse, that’s when we formally audit a company.”
When asked for comment by Wired, a Mail.ru spokesperson said: “We assume that while changing API Facebook changed the terms for the clients who had popular applications that had not been updated to the latest version […] We definitely use our cooperation with Facebook strictly for business needs of our products and strictly according to the Facebook regulations.”
Senator Mark Warner (D-VA), who is currently acting as the vice chairman of the Senate Intelligence Committee, said in a statement: “We need to determine what user information was shared with Mail.ru and what may have been done with the captured data.” Warner was particularly worried about Mail.ru as one of the company’s major investors, Alisher Usmanov, has previously boasted “close ties to Vladimir Putin.”