FTC accuses Facebook of misleading developers over security
An investigation by the U.S. Federal Trade Commission (FTC) has suggested that the social networking site fell short in reviewing and verifying applications, and therefore "deceived" developers over security ratings.
When developers passed along an application into the now-closed verified apps scheme, it is reported that the social networking site was paid up to $95,000 in order to give software green 'ticks' of approval. By doing so, individual applications were given a "test for trustworthy user experiences" by Facebook.
However, an in-depth investigation into Facebook's practices, conducted by Commissioners Jon Leibowitz, J. Thomas Rosch, Edith Ramirez and Julie Brill, has found that the social networking giant did not take the steps to review applications that it promoted.
According to the FTC's report, under the title "Facebook's deceptive verified apps program", the program which ran from approximately May 2009 to December 2009 awarded 254 applications a green 'verified' badge.
Each developer paid a fee of $375, or $175 for a student or nonprofit organization.
Every verified application was given preferential treatment through a visible badge, tick and higher rankings in search results, on Facebook and within the social network's directory.
The FTC says that whereas Facebook conveyed to consumers it had taken steps to verify the security of these applications in comparison to other non-verified apps, the program fell short of its professed offerings.
The press release that coincided with the launch of the scheme stated:
"Application Verification Facebook is introducing the Application Verification program which is designed to offer extra assurances to help users identify applications they can trust -- applications that are secure, respectful and transparent, and have demonstrated commitment to compliance with Platform policies."
Therefore, these applications should have been tested thoroughly for any security flaws that could expose users, right? Apparently not. Within the 19-page report, which is littered with words including "unfair" and "deceptive", the FTC accuses Facebook in the following manner:
"Facebook took no steps to verify either the security of a Verified Application's website or the security the Application provided for the user information it collected, beyond such steps as it may have taken regarding any other Platform Application."
It continues (emphasis mine):
"In many instances Facebook has permitted a Platform Application to display its Verified Apps badge when its review of the application's security has not exceeded its review of other Platform Applications. Therefore, the representation set forth [..] constitutes a false or misleading representation. "
Due to this, consumers may have been deceived and lulled into a false sense of security due to 'verified' tickmarks on applications that were no more or less secure than standard third-party applications -- which could suggest that Facebook profited through the scheme without completing their part of the bargain.
Not only this, of course, but if the verification was not completed, then developers shelled out for worthless verification badges.
Facebook has agreed to undergo privacy vetting over 20 years by an independent watchdog. The report comes days after Google was fined a record $22.5m by the commission for circumventing privacy settings on the Apple Safari browser.